trapiche-deploy
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill implements a one-liner installation pattern (`curl -fsSL https://trapiche.cloud/install.sh | bash`) that downloads and executes a script from a remote server directly in the shell without verification.
- [EXTERNAL_DOWNLOADS]: The skill communicates with `trapiche.cloud` to fetch the installation script and interacts with `api.trapiche.cloud` during the deployment process.
- [DATA_EXFILTRATION]: The deployment workflow bundles local project files and uploads them to the vendor's external infrastructure. While common files like `.env` are excluded, any hardcoded secrets or sensitive data within the project source code will be transmitted to the third-party service.
- [COMMAND_EXECUTION]: Uses the local system shell to execute several commands, including `which` for environment checking, `curl` for downloads, and the `trapiche` CLI for deployment operations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted project files and build logs.
  - Ingestion points: Project source files and build output logs in `SKILL.md`.
  - Boundary markers: Absent; no delimiters are used to separate external content from agent instructions.
  - Capability inventory: Shell command execution via tool calls.
  - Sanitization: Absent; the agent is instructed to read and report logs directly without validation.
Recommendations
- HIGH: Downloads and executes remote code from: https://trapiche.cloud/install.sh - DO NOT USE without thorough review