humor
Warn
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions include a multi-part shell script for the agent to execute. The script utilizes `curl`, `egrep`, `xargs`, and `find` to manage downloaded content. Specifically, it attempts to extract a filename from the body of a remote file using `egrep -ao 'filename="([^"]+)"'`, which is a highly unusual and potentially unsafe method of handling remote data.
- [EXTERNAL_DOWNLOADS]: The skill requires the agent to download assets from `raw.githubusercontent.com` at runtime to support its meme-sharing functionality.
- [REMOTE_CODE_EXECUTION]: The combination of downloading remote files and executing a script that parses their content to determine local file paths (`/tmp/$fname`) creates a risk of path traversal or overwriting local files if the remote content is malformed or malicious. The recommendation to 'open the local file in the default image viewer' further extends this risk to the host environment.
- [INDIRECT_PROMPT_INJECTION] (Internal Class 8): The skill possesses a data ingestion surface that is vulnerable to indirect injection. Evidence chain:
  - Ingestion points: Files are fetched from `raw.githubusercontent.com/billevansonline/`.
  - Boundary markers: None provided in the shell script or instructions.
  - Capability inventory: Uses `curl`, `find`, and potentially `open` for shell execution.
  - Sanitization: None. The script extracts a filename string directly from the remote file content and uses it in a local path construction without validation.
Audit Metadata