deeplake
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation instructs the agent to download and execute an installation script directly from a remote URL using a piped shell command (
curl -fsSL https://deeplake.ai/install.sh | bash). This practice allows for arbitrary code execution from an external source without verification of the script's integrity by a package manager. - [COMMAND_EXECUTION]: The skill advises the use of
sudo apt-get install ffmpegfor installing system dependencies. Directing an agent to usesudofor administrative tasks introduces a risk of privilege escalation and potential system compromise. - [EXTERNAL_DOWNLOADS]: The skill facilitates downloading and ingesting data from external platforms such as HuggingFace (
_huggingfacekey) and other public dataset repositories, which may contain untrusted content. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of ingesting and processing content from external files and datasets.
- Ingestion points: The
client.ingest()method processes local files (videos, PDFs, images) and remote datasets (HuggingFace). - Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent ignores commands or instructions embedded within the ingested data.
- Capability inventory: The skill is granted powerful tools including
Bash,Write,Edit, andWebFetchwhich could be exploited if malicious instructions are successfully injected via the data pipeline. - Sanitization: No validation or sanitization of the input data is documented before the content is passed into the processing pipeline.
Recommendations
- HIGH: Downloads and executes remote code from: https://deeplake.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata