init-unblocked
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill executes a remote shell script from 'https://getunblocked.com/install.sh' by piping it directly to bash. While this is the intended installation method, the script source is not a trusted domain, making it a high-risk operation for arbitrary code execution.\n- EXTERNAL_DOWNLOADS (HIGH): The skill fetches and runs content from 'getunblocked.com', which is not included in the pre-approved list of trusted repositories or organizations.\n- COMMAND_EXECUTION (MEDIUM): The skill triggers multiple shell commands including
unblocked auth,unblocked help, and environment checks (which). These provide direct interaction with the host system's command-line interface.\n- PROMPT_INJECTION (LOW): The 'SKILL.md' file uses strong instructional overrides (e.g., 'MANDATORY TRIGGERS', 'Agent Behavior Contract', 'MUST') to dictate agent behavior. Such patterns can be exploited to bypass or override system-level safety instructions.\n- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest and process data from external, potentially attacker-controlled sources like Slack threads, Jira tickets, and PR descriptions. 1. Ingestion points: Data from PRs, Slack, and Jira via the Unblocked MCP. 2. Boundary markers: No delimiters or warnings are used to isolate this untrusted content. 3. Capability inventory: The skill has access to shell execution, network authentication, and browser sessions. 4. Sanitization: No sanitization or validation of the external content is performed before the agent processes it.
Recommendations
- HIGH: Downloads and executes remote code from: https://getunblocked.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata