self-improving
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill is designed to search and download content from the PRPM registry, which is an unverified external source not included in the trusted provider list.
- [REMOTE_CODE_EXECUTION] (HIGH): The command
prpm install <package-name> --as claudecombined with the workflow to 'load package knowledge' strongly implies the execution of third-party code or instructions from the remote registry. - [COMMAND_EXECUTION] (MEDIUM): The skill constructs and executes shell commands (
prpm search) using keywords derived from user prompts, creating a potential command injection surface. - [PROMPT_INJECTION] (HIGH): The skill exposes the agent to indirect prompt injection (Category 8). Malicious packages hosted on the PRPM registry can contain instructions designed to hijack the agent's behavior once 'loaded'. Evidence: 1. Ingestion Points: PRPM registry via
prpm install. 2. Boundary Markers: None mentioned for loaded knowledge. 3. Capability Inventory:prpm installand the ability to modify agent 'knowledge' and 'patterns'. 4. Sanitization: None; relies solely on metadata like download counts which are easily spoofed.
Recommendations
- AI detected serious security threats
Audit Metadata