skills/gupsammy/claudest/run-research/Gen Agent Trust Hub

run-research

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill offers to install missing CLI tools (reddit-cli and brave-cli) by downloading scripts from a remote GitHub repository and piping them directly into shell interpreters (bash and sh). This is a dangerous execution pattern that runs unverified remote code with the user's local privileges.
      • Evidence: curl -fsSL https://raw.githubusercontent.com/gupsammy/reddit-cli/main/install.sh | bash and curl -fsSL https://raw.githubusercontent.com/gupsammy/brave-cli/main/install.sh | sh in SKILL.md.
  • [COMMAND_EXECUTION]: User-supplied input (the research topic) is directly interpolated into multiple shell commands for tools like reddit-cli, bird, and brave-cli. Without proper sanitization, a user-provided topic containing shell metacharacters could lead to arbitrary command execution on the host system.
      • Evidence: reddit-cli search "{TOPIC}", bird search "{TOPIC} ...", and brave-cli search "{TOPIC}" in SKILL.md.
  • [DATA_EXFILTRATION]: The skill accesses the sensitive file path ~/.secrets to check for the presence of a BRAVE_API_KEY. Accessing or reading from files used to store environment secrets and credentials is a high-risk activity that could lead to the exposure of sensitive data.
      • Evidence: grep -q "BRAVE_API_KEY" ~/.secrets 2>/dev/null in SKILL.md.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from Reddit, X (Twitter), YouTube transcripts, and various web sources. It lacks boundary markers or specific instructions to prevent the agent from obeying malicious instructions embedded within this third-party content, making it vulnerable to indirect prompt injection.
      • Ingestion points: Results from reddit-cli, bird, yt_research.py transcripts, and WebSearch in SKILL.md.
      • Boundary markers: Absent throughout the instruction set.
      • Capability inventory: The skill has extensive capabilities including bash command execution, Python script execution, and network operations.
      • Sanitization: No sanitization of ingested external content is performed before processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/gupsammy/brave-cli/main/install.sh, https://raw.githubusercontent.com/gupsammy/reddit-cli/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 9, 2026, 05:31 PM