agent-collab-updater
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches a remote manifest file (manifest.json) from the author's GitHub repository (raw.githubusercontent.com/dev-goraebap/agent-collab) to identify available skill updates, renames, and deprecations. This is a well-known service used for legitimate vendor updates.
- [COMMAND_EXECUTION]: Utilizes the npx skills command-line tool via the Bash execution environment to add, update, and remove skill packages. The commands are generated dynamically based on comparisons between the remote manifest and local skill metadata.
- [PROMPT_INJECTION]: Presents an indirect prompt injection surface where untrusted data from a remote source influences the execution of shell commands.
  - Ingestion points: Processes a remote JSON manifest from GitHub and reads local SKILL.md frontmatter from various installation directories.
  - Boundary markers: The workflow does not specify the use of delimiters or 'ignore embedded instructions' warnings when processing the manifest data before command construction.
  - Capability inventory: Possesses the capability to execute shell commands (npx skills) and access files in the ~/.agents/ and current project directories.
  - Sanitization: No explicit sanitization, validation, or escaping of the keys (skill names) or values retrieved from the remote manifest is described before they are passed as arguments to the npx skills command.
Audit Metadata