zeude
Fail
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation provides a command to fetch a shell script from a remote URL (
https://raw.githubusercontent.com/zep-us/zeude/main/install.sh) and pipe it directly intobash. This pattern bypasses manual review of the script's contents and executes code from a repository that is not part of the established vendor ecosystem for this skill. - [COMMAND_EXECUTION]: The skill utilizes a 'Zeude Shim' designed to intercept and wrap the primary CLI commands. This mechanism could potentially be used to monitor user input or modify command behavior without explicit oversight.
- [INDIRECT_PROMPT_INJECTION]: The skill implements hooks (
UserPromptSubmit) that analyze user prompts at runtime to deliver context-aware suggestions. This creates an ingestion surface where untrusted data (the prompt) is processed to determine agent actions (skill deployment). - Ingestion points: User prompts via hook analysis.
- Boundary markers: None specified in the instructions.
- Capability inventory: Access to
Bash,Write,Read, and the ability to sync configurations to~/.claude/. - Sanitization: No evidence of sanitization or intent-validation for the processed prompts.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/zep-us/zeude/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata