evolution
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The 'hooks/README.md' file recommends downloading a script from 'https://raw.githubusercontent.com/ZhangHanDong/makepad-skills/main/install.sh', which is an untrusted source not listed in the trusted organizations.
- [REMOTE_CODE_EXECUTION] (HIGH): The recommended installation method pipes a remote script directly into bash, bypassing security reviews and allowing arbitrary code execution during setup.
- [COMMAND_EXECUTION] (MEDIUM): The skill configures several bash scripts as persistent hooks in the agent environment. These hooks execute automatically and have the capability to perform broad filesystem and system operations.
- [PROMPT_INJECTION] (LOW): The hook scripts ingest and process tool inputs and outputs, creating a vulnerability to indirect prompt injection. 1. Ingestion points: 'hooks/post-bash.sh' (TOOL_OUTPUT) and 'hooks/pre-ui-edit.sh' (stdin). 2. Boundary markers: Absent. 3. Capability inventory: Persistent shell script execution and tool blocking. 4. Sanitization: Absent; tool data is evaluated using regular expressions without proper escaping or validation.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/ZhangHanDong/makepad-skills/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata