attestation
Fail
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions for the orbit CLI include a command that fetches a shell script from the author's GitHub repository and pipes it directly to the shell for execution (curl -sSfL https://raw.githubusercontent.com/jorgemuza/orbit/main/install.sh | sh).
- [EXTERNAL_DOWNLOADS]: The skill downloads the orbit binary and fetches attestation bundles from GitHub repositories during its execution workflow.
- [COMMAND_EXECUTION]: The skill executes orbit CLI commands to perform verification, inspection, and download tasks involving local and remote files.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through the processing of external attestation bundles (JSON/JSONL files).
- Ingestion points: Content from attestation bundles is read and returned to the agent context via the
orbit attestation inspectandorbit attestation verifycommands in SKILL.md. - Boundary markers: The skill does not define clear boundaries or instructions for the agent to disregard instructions embedded within the processed attestation data.
- Capability inventory: The skill has capabilities for network operations and file reading via the orbit CLI.
- Sanitization: No sanitization or validation of the text content within the bundles is described before it reaches the agent context.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/jorgemuza/orbit/main/install.sh - DO NOT USE without thorough review
Audit Metadata