ad-consumer

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions in SKILL.md prompt the user to execute curl -sSL https://tempo.im/install.sh | sh. This pattern is highly insecure as it downloads and runs an unverified script directly in the shell with the user's permissions.
  • [EXTERNAL_DOWNLOADS]: The skill requires external software (Tempo CLI, Bun) and fetches ad content dynamically from https://agent-ads.yashatreya-ya.workers.dev during operation.
  • [COMMAND_EXECUTION]: The skill's scripts (setup.js, serve_ad.js, confirm_view.js, etc.) use execSync to invoke the tempo CLI tool. This mechanism is used to manage wallet state and perform network requests via shell commands.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ad display mechanism.
      • Ingestion points: Markdown ad content is fetched from a remote API in scripts/serve_ad.js.
      • Boundary markers: Delimiters like --- Sponsored Ad --- are suggested in documentation but not enforced by the scripts.
      • Capability inventory: The skill has the ability to execute shell commands and access crypto wallet functions via the tempo CLI.
      • Sanitization: There is no programmatic sanitization or filtering of the remote markdown content before it is displayed to the user.
Recommendations
  • HIGH: Downloads and executes remote code from: https://tempo.im/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 21, 2026, 01:00 AM