build-skills
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The instructions in 'references/remote-sources.md' and the utility script 'references/skill-research.sh' prompt the agent to install a CLI tool by executing 'curl -fsSL https://raw.githubusercontent.com/yigitkonur/cli-skill-downloader/main/install.sh | bash'. Piped-to-bash execution of remote scripts is a high-risk pattern that executes unverified code with the user's permissions.
- [COMMAND_EXECUTION]: The skill provides 'references/skill-research.sh', a bash script meant to be executed by the agent to automate discovery and downloading. This script performs network operations and calls external binaries like 'skill-dl'.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch third-party agent skills from 'playbooks.com'. Downloading and processing arbitrary content from external repositories poses a risk of introducing malicious or malformed data into the environment.
- [PROMPT_INJECTION]: The skill's primary function is to read, compare, and synthesize content from third-party skills, which presents a surface for indirect prompt injection. 1. Ingestion points: Downloading external skills via 'skill-dl' and reading them into the agent's context (referenced in 'references/research-workflow.md'). 2. Boundary markers: None specified; the agent is instructed to read the downloaded files directly without isolation. 3. Capability inventory: Execution of shell scripts, network operations via 'curl', and file system writes during the synthesis phase. 4. Sanitization: No filtering or validation of the downloaded skill content is performed.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/yigitkonur/cli-skill-downloader/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata