ollama
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an installation command for Linux (curl -fsSL https://ollama.com/install.sh | sh) which fetches and executes the official installation script from ollama.com.
- [EXTERNAL_DOWNLOADS]: Fetches software components from ollama.com, brew.sh, and docker.com via provided instructions.
- [COMMAND_EXECUTION]: Uses system commands such as curl, brew, docker, and the ollama CLI for setup and model management.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted user input for model inference.
  - Ingestion points: User-provided strings are passed to the Ollama API via curl and SDKs in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions are used to isolate user input from system prompts.
  - Capability inventory: The skill uses curl, brew, docker, and the ollama CLI to perform tasks.
  - Sanitization: No input validation or escaping is demonstrated in the provided code examples.
Recommendations
- HIGH: Downloads and executes remote code from: https://ollama.com/install.sh - DO NOT USE without thorough review
Audit Metadata