betterprompt
Fail
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation encourages installing the CLI tool by piping a remote shell script directly to bash (`curl -fsSL https://raw.githubusercontent.com/BetterPromptme/betterprompt/main/install.sh | bash`). This method bypasses local security verification and executes arbitrary code from a source not recognized as a globally trusted provider.
- [REMOTE_CODE_EXECUTION]: The skill's primary function involves searching for, installing, and executing "prompt skills" from an external registry (`betterprompt skill install`). This introduces a supply chain risk where the agent is directed to download and run logic from a third-party repository.
- [COMMAND_EXECUTION]: The skill depends on executing various shell commands via the `betterprompt` CLI for core tasks, including user authentication (login) and resource fetching. This creates an attack surface if malicious parameters are passed to the CLI.
- [PROMPT_INJECTION]: Category 8: Indirect Prompt Injection surface identified. The skill ingests data from a remote registry and possesses command execution capabilities.
  - Ingestion points: Output from `betterprompt skill search` and `betterprompt skill info` as described in SKILL.md.
  - Boundary markers: Absent; there are no instructions to ignore embedded commands in the registry data.
  - Capability inventory: Shell command execution via `betterprompt generate` and `betterprompt skill install` in SKILL.md.
  - Sanitization: Absent; no explicit validation or sanitization of remote registry content is mentioned before processing or display.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/BetterPromptme/betterprompt/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata