skill-autoinstaller

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The discover.js script is vulnerable to command injection through the --repo and --dir command-line arguments.
      • Evidence: The script interpolates the url (containing the unsanitized repo argument) directly into a git clone command via execSync.
      • Evidence: The findSkillFiles and manualSearch functions use the unsanitized dir argument directly in execSync calls for find and ls -la commands.
  • [COMMAND_EXECUTION]: The evaluate.js script is vulnerable to command injection via the --path argument.
      • Evidence: Multiple functions, including checkPathTraversal, checkDangerousPatterns, checkSecrets, checkNetworkCalls, and checkFileOperations, interpolate the SKILL_PATH variable directly into shell commands like find and readlink executed via execSync.
  • [EXTERNAL_DOWNLOADS]: The skill clones external GitHub repositories to a temporary directory for processing.
      • Evidence: discover.js uses git clone to fetch repositories from GitHub based on user-supplied strings.
  • [REMOTE_CODE_EXECUTION]: The skill provides a framework for automatically installing and executing code from external repositories.
      • Evidence: Documentation in SKILL.md outlines installation strategies including npm install, pip install, apt-get install, and the execution of arbitrary installation scripts found within the downloaded repositories.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 05:11 AM