agentic-learning

Fail

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation (README.md) and the installation script (install.sh) promote a pattern of downloading and executing a remote shell script from the author's GitHub repository using curl | bash. While this is a common installer pattern for this author's tools, it involves the execution of unverified remote code outside of a package manager.
  • [COMMAND_EXECUTION]: The skill requires the agent to perform file system operations, specifically reading from the project directory and writing logs or documentation to a docs/ subdirectory within the user's workspace.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it reads and processes arbitrary project files (e.g., in the explain, quiz, and learn actions) without using boundary markers or sanitization to prevent the agent from potentially following instructions embedded within the analyzed data.
  • Ingestion points: Project source code and documentation files are read by the agent in SKILL.md.
  • Boundary markers: Absent. No delimiters or specific instructions are provided to the agent to treat file content as data only.
  • Capability inventory: The agent has the ability to read and write files within the project workspace.
  • Sanitization: Absent. File content is processed as-is without filtering or validation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/FavioVazquez/agentic-learning/main/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 9, 2026, 08:06 PM
Security Audit — agent-trust-hub — agentic-learning