gastown
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and install executable CLI tools from external GitHub repositories (github.com/steveyegge/gastown and github.com/steveyegge/beads) using the go install command.
- [COMMAND_EXECUTION]: Extensive use of the Bash tool with broad permissions (cmd:*) to perform system-level operations, including binary installation, directory creation at ~/gt, and process monitoring.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it is designed to ingest and act upon external data.
- Ingestion points: User-provided GitHub repository URLs and work item descriptions ('beads') as seen in references/examples.md.
- Boundary markers: The skill does not define specific delimiters or instructions to prevent the agent from obeying commands found within the ingested data.
- Capability inventory: The skill utilizes Bash, Write, Edit, and WebFetch tools, providing a wide range of actions that could be abused by an injection.
- Sanitization: No mechanisms are described for validating or sanitizing the content of the repositories before processing.
Audit Metadata