graph-easy
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The references/preflight-check.md file contains commands to download and execute an installation script from the well-known cpanmin.us service to set up the Perl environment.\n- [COMMAND_EXECUTION]: The skill's setup process utilizes sudo to install system packages on Linux-based environments.\n- [COMMAND_EXECUTION]: A wrapper script at scripts/graph-easy contains a hardcoded absolute path referencing a specific user's home directory (/Users/terryli/), which exposes environment metadata and may impact cross-system functionality.\n- [PROMPT_INJECTION]: The SKILL.md file includes a 'Self-Evolving Skill' instruction that directs the agent to modify the skill's own source instructions based on its interactions. This mechanism could be potentially abused to persist malicious or unintended behaviors.
Audit Metadata