downloading-pi-extensions
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to fetch code from arbitrary GitHub repositories using the 'gh download' command. This involves interacting with unvetted third-party sources.
- [REMOTE_CODE_EXECUTION]: By guiding the agent to download and load external extensions, the skill enables the execution of code from remote repositories. This is a core function of the skill but carries inherent risk if the source is compromised.
- [COMMAND_EXECUTION]: The skill utilizes the 'gh' CLI to perform network and file operations. Parameters for these commands are derived from external repository identifiers.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external repository data.
  1. Ingestion points: 'gh download' in SKILL.md fetches content from arbitrary GitHub repositories.
  2. Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded prompts in the downloaded files.
  3. Capability inventory: File system writes, network access via 'gh', and potential execution of build scripts.
  4. Sanitization: No automated sanitization is present, though the skill advises manual review of the downloaded content.
Audit Metadata