Orchestration
Warn
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch its main instruction set (SKILL.md) from a remote server (ethskills.com) during installation and setup.
- [EXTERNAL_DOWNLOADS]: The setup instructions reference an external installation source hosted on a public GitHub repository (github.com/austintgriffith/ethskills).
- [REMOTE_CODE_EXECUTION]: The setup process involves installing a plugin via claude plugin install from a remote repository. This action downloads and potentially executes external code within the agent's operating environment.
- [COMMAND_EXECUTION]: The install.command executes curl to retrieve external content. Furthermore, the demo code explicitly utilizes deployment shell commands such as yarn fork, yarn deploy, and yarn ipfs-deploy.
- [PROMPT_INJECTION]: The skill creates a surface for Indirect Prompt Injection by explicitly instructing the agent to ingest instructions from a remote URL (https://ethskills.com/orchestration/SKILL.md). 1. Ingestion points: catalog.json setup field and SKILL.md body. 2. Boundary markers: Absent. 3. Capability inventory: Command execution via yarn and curl. 4. Sanitization: Absent.
Audit Metadata