Building Blocks

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The catalog.json file defines an install.command field that executes a shell command (curl -s https://ethskills.com/building-blocks/SKILL.md). This represents execution of shell logic during the installation phase.
  • [REMOTE_CODE_EXECUTION]: The setup section in catalog.json instructs the agent/user to install external plugins from unverified sources, specifically claude plugin install https://github.com/austintgriffith/ethskills. This facilitates the execution of remote code from a third-party repository.
  • [EXTERNAL_DOWNLOADS]: The skill points to and downloads data from external domains (ethskills.com and github.com/austintgriffith/*) that are not recognized as trusted or well-known technology providers.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by explicitly instructing the agent to read and follow guidelines from a remote URL (https://ethskills.com/building-blocks/SKILL.md).
      • Ingestion points: Remote markdown file at ethskills.com.
      • Boundary markers: None provided in the instructions to isolate the remote content.
      • Capability inventory: The skill allows shell command execution via curl and installation of external plugins.
      • Sanitization: No validation or sanitization is performed on the content retrieved from the external URL before the agent processes it.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 19, 2026, 01:18 PM