guide-me
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's documentation index contains deceptive metadata, including references to fictional model versions like 'Opus 4.6' and future release dates (e.g., 2025 and 2026), which could mislead users or the agent.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design as it fetches untrusted data from external community sources. 1. Ingestion points: Retrieves content from Reddit subreddits (r/ClaudeCode, r/ClaudeAI, etc.) via WebSearch and WebFetch. 2. Boundary markers: Absent. The skill provides no instructions to treat external community content as untrusted or to ignore embedded instructions. 3. Capability inventory: Includes web fetching and search capabilities to aggregate external information. 4. Sanitization: Absent. There is no validation or escaping of the content fetched from third-party sites.
- [REMOTE_CODE_EXECUTION]: The skill provides an installation string
curl -fsSL https://claude.ai/install.sh | bash. While this pattern involves executing remote code, it targets an official domain associated with a well-known service. - [EXTERNAL_DOWNLOADS]: The skill fetches documentation from
code.claude.com, an official-looking domain associated with the product vendor.
Recommendations
- HIGH: Downloads and executes remote code from: https://claude.ai/install.sh - DO NOT USE without thorough review
Audit Metadata