investment-analysis
Fail
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions in the README and the standalone 'install.sh' script utilize a 'curl piped to bash' pattern to execute remote code from the author's GitHub repository (Hainrixz/maia-skill). While this resource is vendor-owned, the method bypasses manual review of the script's contents.
- [COMMAND_EXECUTION]: The 'SKILL.md' file defines workflow steps that execute shell commands to serve an interactive Next.js dashboard ('npm run dev') and perform file system maintenance by deleting older history files ('rm -rf').
- [EXTERNAL_DOWNLOADS]: Research agents defined in 'references/agent-prompts.md' use 'WebSearch' and 'WebFetch' tools to ingest live data and social sentiment from various third-party financial news and social media platforms.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted web content and incorporates it into reports without explicit sanitization.
  1. Ingestion points: Sector research agents in 'references/agent-prompts.md' gather data via 'WebSearch' and 'WebFetch'.
  2. Boundary markers: Absent in 'SKILL.md' when combining sector outputs into the 'REPORT_DATA' object.
  3. Capability inventory: The skill can execute local development servers, write to the file system, and manage files via shell commands.
  4. Sanitization: Absent during the token replacement step in 'SKILL.md' (Step 8), where raw JSON data is injected directly into an HTML template.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Hainrixz/maia-skill/main/install.sh - DO NOT USE without thorough review
Audit Metadata