brief-write
Fail
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The instructions in `SKILL.md` include a template for the AI to provide users with a command that downloads and executes a script directly from the internet: `curl -fsSL https://opencode.ai/install | bash`. Piped remote execution from unverified sources is a major security risk.
- [COMMAND_EXECUTION]: The skill explicitly includes shell commands (`bash`) designed to be executed in the user's environment as part of its 'tutorial' style examples.
- [EXTERNAL_DOWNLOADS]: The skill references an external domain `https://opencode.ai` for script installation, which is not a recognized trusted vendor or well-known service.
- [DATA_EXPOSURE]: Under the '参考资料' (References) section in `SKILL.md`, the skill exposes an absolute local file path: `/Users/fred/Documents/GitHub/cycleuser/blog`. This reveals private directory structures and user information.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection:
  - Ingestion points: The `/简写` and `/write` commands in `SKILL.md` ingest arbitrary user-provided text or topics.
  - Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands in the input data.
  - Capability inventory: While the skill doesn't ship with executable scripts, it provides templates for dangerous shell commands (`curl | bash`) which could be manipulated if an attacker provides malicious input to the writing commands.
  - Sanitization: Absent. There is no evidence of input validation or escaping for the processed text.
Recommendations
- HIGH: Downloads and executes remote code from: https://opencode.ai/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata