skills/akillness/jeo-skills/strix/Gen Agent Trust Hub

strix

Fail

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill performs piped remote code execution by downloading a shell script from https://strix.ai/install and piping it directly to bash. This is implemented in scripts/install.sh and described as the primary setup method in SKILL.md, SKILL.toon, and references/commands.md.
  • [EXTERNAL_DOWNLOADS]: The skill downloads binaries and scripts from strix.ai and pulls container images from the GitHub Container Registry (ghcr.io/usestrix/strix-sandbox), a well-known service.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute operational scripts including scripts/install.sh, scripts/run-scan.sh, and scripts/ci-scan.sh, which in turn manage the strix CLI and docker environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its processing of untrusted targets and instruction files. 1. Ingestion points: Untrusted data enters via the --target, --instruction, and --instruction-file parameters in scripts/run-scan.sh and scripts/ci-scan.sh. 2. Boundary markers: The skill does not implement delimiters or protective instructions to isolate potentially malicious embedded instructions in target codebases. 3. Capability inventory: The skill can execute shell commands, perform network operations, and access local files through the strix CLI. 4. Sanitization: No input validation or sanitization is applied to arguments before they are passed to the shell for execution.
Recommendations
  • HIGH: Downloads and executes remote code from: https://strix.ai/install - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 17, 2026, 07:07 AM
Security Audit — agent-trust-hub — strix