gangtise-copilot
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads 19 external skills bundled in 4 ZIP archives from a remote Huawei Cloud OBS bucket and fetches its own components from GitHub via API calls.
- [REMOTE_CODE_EXECUTION]: The installation process involves unzipping and symlinking executable Python and shell scripts obtained from remote servers, which are integrated into the agent's environment for runtime execution.
- [COMMAND_EXECUTION]: The skill requires the execution of multiple local shell scripts that perform systemic changes, including file system modifications and active network verification calls to open.gangtise.com.
- [CREDENTIALS_UNSAFE]: The configuration script handles accessKey and secretAccessKey credentials, storing them in plaintext within local JSON files (~/.config/gangtise/authorization.json) and creating symlinks across various skill directories, which increases the credential exposure surface.
- [PROMPT_INJECTION]: The skill installs components that ingest untrusted data from web searches and internal knowledge bases, creating an indirect prompt injection surface.
- Ingestion points: External data enters through scripts like scripts/kb.py and scripts/web.py within the installed skill suite.
- Boundary markers: No explicit boundary markers are used at the wrapper level to separate retrieved data from agent instructions.
- Capability inventory: The suite of skills has the ability to perform network requests, file writes, and process data into research reports.
- Sanitization: The wrapper does not implement sanitization or validation logic for the content retrieved from external sources.
Audit Metadata