eliteforge-agent-doctor

Fail

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/bootstrap_env.py performs extensive shell command execution using subprocess.run. It invokes system package managers (apt-get, dnf, yum, pacman, zypper, brew, winget, choco) to install software.
  • [COMMAND_EXECUTION]: The skill attempts to acquire and use sudo privileges. It specifically probes for passwordless sudo (sudo -n true) and uses it to overwrite protected system files like /etc/hosts and perform system-wide package installations.
  • [EXTERNAL_DOWNLOADS]: The skill automates the installation of numerous external dependencies and internal tools at runtime, including pnpm, pre-commit, and vendor-specific CLIs (eliteforge-poseidon-cli, eliteforge-qingtui-cli).
  • [CREDENTIALS_UNSAFE]: The script reads and evaluates local configuration files that frequently contain sensitive information or credentials, such as ~/.npmrc, ~/.pip/pip.conf, and ~/.gitconfig (extracting user.name and user.email).
  • [PROMPT_INJECTION]: The script exposes an indirect prompt injection surface: it parses the ## Environment Variables section of other SKILL.md files, extracts user-controlled descriptions, and reports them back to the agent context without sanitization, which could be used to influence the agent's logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 13, 2026, 04:34 PM