data-analysis-agent-business-intelligence
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions recommend executing remote scripts via piped shell commands: `curl -fsSL https://raw.githubusercontent.com/Zafer-Liu/Data-Analysis-Agent/main/install.sh | sh` and `iwr -useb https://raw.githubusercontent.com/Zafer-Liu/Data-Analysis-Agent/main/install.ps1 | iex`. These methods allow an untrusted third-party repository owner to execute arbitrary code on the user's system without any verification or oversight.
- [EXTERNAL_DOWNLOADS]: The skill requires users to download software, release packages, and scripts from the `Zafer-Liu/Data-Analysis-Agent` GitHub repository, which is not recognized as a trusted organization or well-known technology service.
- [COMMAND_EXECUTION]: The skill architecture supports a `code_executor` tool via the Model Context Protocol (MCP), enabling the agent to execute code locally. It also performs automated SQL generation and execution based on natural language queries; without strict validation, this interface poses a risk of indirect injection attacks against connected databases.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Zafer-Liu/Data-Analysis-Agent/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata