sbom-syft
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: CRITICAL, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill recommends installing the Syft tool via `curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh`. This pattern downloads a script from the internet and pipes it directly into a shell for execution. Because the 'anchore' GitHub organization is not within the defined trusted scope, this is classified as an untrusted remote code execution finding.
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and process untrusted data from external directories (`syft dir:<target-path>`) and container images (`syft <image>:<tag>`).
  - Ingestion points: `SKILL.md` instructions for scanning local paths and remote container images.
  - Boundary markers: None detected. The skill does not use delimiters or instructions to ignore embedded malicious content within the files it scans.
  - Capability inventory: The skill executes system-level commands and generates summaries that could influence downstream security decisions or agent actions.
  - Sanitization: No evidence of sanitization or validation of the scanned data or its output metadata exists.
- Command Execution (HIGH): The skill facilitates the execution of arbitrary system commands using the `syft` binary on user-provided paths or images, which can be exploited if the inputs are not strictly controlled.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/anchore/syft/main/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata