skills/k1lgor/mega-mind-skills/rtk/Gen Agent Trust Hub

rtk

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides explicit instructions to download a binary from an untrusted GitHub organization (rtk-ai).
  • [REMOTE_CODE_EXECUTION]: The instructions direct the agent to download a file from a remote server, grant it execution permissions using chmod +x, and run it. This constitutes the execution of unverified remote code.
  • [COMMAND_EXECUTION]: The skill instructs the AI to wrap a vast array of standard development tools (git, cargo, npm, etc.) with the rtk binary. This gives the binary complete control over the arguments passed to these tools and the data they return.
  • [DATA_EXFILTRATION]: Because the tool proxies commands like git diff, git log, and cat (via rtk read), it has direct access to sensitive source code, environment configurations, and history. There is no verification of whether this data is sent to external servers or logged maliciously.
  • [METADATA_POISONING]: The skill incorporates the acronym 'RTK' and includes legitimate documentation for the 'Redux Toolkit' library. This appears to be a deceptive tactic to associate an untrusted binary with a well-known and safe software package.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 7, 2026, 04:23 PM