setup-workflow-skills
Fail
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads a shell script from a remote GitHub repository and pipes it directly into the bash interpreter (
curl -fsSL ... | bash). This occurs during the setup phase if the required CLI tool is missing.- [COMMAND_EXECUTION]: Executes system commands includingbd initfor project initialization andsedfor modifying the repository's.git/info/excludefile. It also usescommand -vto probe the environment for installed binaries.- [EXTERNAL_DOWNLOADS]: Fetches an installation script from an external source (raw.githubusercontent.com/gastownhall).- [PROMPT_INJECTION]: The skill'sissue-tracker.mdtemplate contains behavioral overrides using markers such as "CRITICAL" and "🚨". These instructions explicitly prohibit the use of standard agent tools (e.g.,TodoWrite,TaskCreate) and specific file patterns (MEMORY.md), effectively hijacking the agent's operational workflow in favor of a third-party tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/gastownhall/beads/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata