loom-crossplane

Fail

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides installation instructions for the Crossplane CLI that download a script from https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh and pipe it directly to the system shell (sh). This practice allows for arbitrary code execution from a remote source and is a major supply chain risk.
  • [EXTERNAL_DOWNLOADS]: The skill includes instructions to fetch external software components using curl and helm during the setup process.
  • [COMMAND_EXECUTION]: The skill uses the sudo command to move a binary to a restricted system path (/usr/local/bin/), which represents a privilege escalation finding.
  • [PROMPT_INJECTION]: The skill exhibits surface area for indirect prompt injection.
      1. Ingestion points: The skill uses kubectl logs and kubectl describe in SKILL.md to read potentially untrusted data from the Kubernetes cluster.
      2. Boundary markers: No delimiters or isolation instructions are used to separate this external data from the agent's instructions.
      3. Capability inventory: The skill is granted access to the Bash tool, providing powerful system-level interaction.
      4. Sanitization: No evidence of sanitization or validation of the ingested data is present in the skill instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 23, 2026, 11:40 AM