kali-tools
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- Remote Code Execution (CRITICAL): The project documentation (README.md) instructs users to run a piped shell command from an untrusted GitHub account. This allows the author to execute arbitrary code on the user's machine during installation.
  - Evidence: Detected command 'curl -fsSL https://raw.githubusercontent.com/tzf1003/ChatKali/main/scripts/install.sh | bash'.
- External Downloads (HIGH): The installation script clones a repository from a non-whitelisted GitHub user into local agent skill directories, creating potential for unauthorized persistence.
  - Evidence: scripts/install.sh uses 'git clone' to install files into ~/.codex/skills/ and ~/.claude/skills/.
- Indirect Prompt Injection (LOW): This skill parses documentation for 792 security tools. This represents a large surface for indirect prompt injection if the source data contains malicious instructions.
  1. Ingestion points: references/tools/ directory.
  2. Boundary markers: Absent.
  3. Capability inventory: Identifies and generates commands for security binaries.
  4. Sanitization: Scraped data is not validated or filtered.
- Command Execution (INFO): The skill is designed to help agents execute security auditing tools. This is the primary purpose but carries inherent risk.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/tzf1003/ChatKali/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats