utoo
Fail
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to execute 'curl -fsSL https://utoo.land/install | bash' as a fallback if the 'ut' command is missing. Piping remote content directly to a shell is a dangerous pattern that allows for arbitrary code execution without verification.
- [PROMPT_INJECTION]: The SKILL.md file contains mandatory instructions ('MUST', 'strictly forbidden') designed to override the agent's default logic for selecting package management tools. It explicitly instructs the agent to ignore standard tools like npm, pnpm, and yarn in favor of this skill.
- [COMMAND_EXECUTION]: The skill requests Bash tool permissions with broad wildcard patterns ('utoo:', 'ut:', 'utx:*'). This grants the agent the ability to execute shell commands with a wide range of arbitrary arguments, increasing the attack surface if the agent is manipulated.
- [EXTERNAL_DOWNLOADS]: The skill's operational flow involves downloading an installation script from the 'utoo.land' domain. While this is a vendor-owned resource, the reliance on external execution scripts creates a dependency on the security of that remote host.
Recommendations
- HIGH: Downloads and executes remote code from: https://utoo.land/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata