skills/akillness/jeo-skills/upskill/Gen Agent Trust Hub

upskill

Fail

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill executes a remote script piped directly to bash from the HKUDS/Upskill repository.
  • Evidence: curl -sSL https://raw.githubusercontent.com/HKUDS/Upskill/main/cc-integration/install.sh | bash -s -- --remote is used in both SKILL.md and scripts/install.sh.
  • [COMMAND_EXECUTION]: The skill frequently invokes shell commands to manage its environment, including installing external dependencies and modifying system-wide configuration.
  • Evidence: scripts/install.sh uses npx to globally install skills and executes local shell scripts like install.sh and upskill-build.sh to perform core logic.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted session data to influence future agent instructions.
  • Ingestion points: The upskill-build command reads session.log and metadata.txt from previous sessions (found in references/commands.md).
  • Boundary markers: None mentioned for the teacher model's analysis of failure trajectories.
  • Capability inventory: The skill has access to Bash, Read, Write, Edit, and WebFetch tools.
  • Sanitization: No evidence of sanitization or filtering of the session logs before they are processed by the "Teacher" model to generate new SKILL.md instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/HKUDS/Upskill/main/cc-integration/install.sh, https://raw.githubusercontent.com/HKUDS/Upskill/${UPSKILL_REF}/cc-integration/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 3, 2026, 06:40 AM
Security Audit — agent-trust-hub — upskill