discuss
Fail
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches an installation script from the vendor's GitHub repository at https://raw.githubusercontent.com/codesoda/discuss-cli/main/install.sh to set up the required CLI environment.
- [REMOTE_CODE_EXECUTION]: The installation instructions direct the agent to pipe a remote script directly into a shell (`curl | sh`). This is the primary method for deploying the vendor's `discuss` tool.
- [COMMAND_EXECUTION]: The agent uses the `Bash` and `Monitor` tools to execute the `discuss` binary and perform network requests via `curl` to interact with a local API endpoint on `127.0.0.1`.
- [PROMPT_INJECTION]: The skill is designed to ingest and act upon external data, creating a surface for indirect prompt injection.
  - Ingestion points: The skill reads markdown files via the `Read` tool, accepts markdown content via stdin, and parses real-time JSON event streams (threads and replies) from the `discuss` process output.
  - Boundary markers: The instructions do not specify any delimiters or safety markers to separate untrusted markdown content or browser-generated thread text from the agent's internal instructions.
  - Capability inventory: The skill utilizes `Bash` for shell execution, `Monitor` for persistent process management, and `curl` for interacting with a web API, providing a significant functional surface if the agent is influenced by malicious content.
  - Sanitization: There is no evidence of sanitization or validation performed on the ingested markdown content or the event payloads before they are processed by the agent to generate 'takes'.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/codesoda/discuss-cli/main/install.sh - DO NOT USE without thorough review
Audit Metadata