humor

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill uses authoritative language to override standard agent behavior, stating it must be "ALWAYS active" and consulted on "every single interaction regardless of topic."
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell script using curl, egrep, xargs, and find to download and manage files in the /tmp directory. The logic for parsing filenames from the download stream is brittle and could be exploited if the target URL were compromised.
  • [COMMAND_EXECUTION]: The skill directs the agent to use OS-specific commands (open, xdg-open, or start) to automatically trigger external image viewing applications on the user's system.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from the author's public GitHub repository (raw.githubusercontent.com/billevansonline/developer-memes).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 20, 2026, 11:09 AM