goals-and-kpis
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The README.md file promotes a 'one-line install' method: 'curl -fsSL https://raw.githubusercontent.com/thierryteisseire/business_skills/main/install-skill.sh | bash -s goals-and-kpis'. This pattern executes a remote script from a personal GitHub repository directly in the shell without prior verification, which is a significant security risk despite originating from the skill author.\n- [COMMAND_EXECUTION]: The 'package.json' file contains 'install' and 'postinstall' scripts that automatically run 'node install.js' when the package is installed via npm, allowing for arbitrary code execution on the host system during the setup phase.\n- [COMMAND_EXECUTION]: The skill distribution includes 'install.js' and 'install.sh' scripts that perform file system operations, including creating directories and setting up symlinks in user directories (~/.agents and ~/.claude) to maintain persistence across sessions.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted user data regarding business context.\n
- Ingestion points: The agent collects company and team descriptions via AskUserQuestion.\n
- Boundary markers: The SKILL.md prompt lacks explicit boundary markers or instructions for the agent to ignore embedded commands within user data.\n
- Capability inventory: The skill is granted access to powerful tools including Bash, Write, and Edit.\n
- Sanitization: There is no evidence of input validation or content sanitization before the agent processes user-provided context.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/thierryteisseire/business_skills/main/install-skill.sh - DO NOT USE without thorough review
Audit Metadata