zed
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the official Zed installation script from zed.dev.
- [REMOTE_CODE_EXECUTION]: Setup instructions include executing the official installation script via curl piped to the shell.
- [COMMAND_EXECUTION]: Configuration examples specify the use of external formatting tools like Prettier and Ruff through shell commands.
- [PROMPT_INJECTION]: The skill identifies surfaces for indirect prompt injection when the AI assistant processes workspace data.
  - Ingestion points: AI Assistant panel processes context from files, open tabs, and terminal output (SKILL.md).
  - Boundary markers: Instructions do not specify delimiters or warnings to ignore embedded instructions in data.
  - Capability inventory: The environment supports shell command execution and terminal access (SKILL.md).
  - Sanitization: No sanitization methods for ingested data are described in the skill.
Recommendations
- HIGH: Downloads and executes remote code from: https://zed.dev/install.sh - DO NOT USE without thorough review
Audit Metadata