qmetry
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions in
SKILL.mdinclude a command that pipes a remote shell script directly into the shell:curl -sSfL https://raw.githubusercontent.com/jorgemuza/orbit/main/install.sh | sh. This allows for unverified code execution from a remote source. - [EXTERNAL_DOWNLOADS]: The skill downloads resources from GitHub repositories (
jorgemuza/orbit,jorgemuza/tap,jorgemuza/scoop-bucket) during the installation process for theorbitCLI. - [COMMAND_EXECUTION]: All primary functions of the skill are implemented via shell commands using the
orbit(aliased asqm) utility. This includes project listing, folder management, and test case manipulation. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from Jira issues to generate test cases. * Ingestion points: Data enters the agent context via the
orbit jira issue viewcommand. * Boundary markers: No delimiters or warnings are used to isolate the ingested Jira content from the agent's instructions. * Capability inventory: The skill can execute shell commands (orbit qm tc create) and interact with the QMetry API. * Sanitization: There is no evidence of sanitization or validation of the acceptance criteria before they are interpolated into test case creation commands.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/jorgemuza/orbit/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata