ai-rules-cli
Fail
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches an installation script from the Block organization's official GitHub repository to set up the 'ai-rules' CLI tool.
- [REMOTE_CODE_EXECUTION]: Executes the downloaded shell script via piping to bash to perform the CLI installation.
- [COMMAND_EXECUTION]: Invokes the 'ai-rules' utility to manage repository-wide AI rules, including initialization, file generation, and synchronization status checks.
- [PROMPT_INJECTION]: Processes local markdown files from the 'ai-rules/' directory to generate configuration for AI agents, presenting an attack surface for indirect prompt injection.
  - Ingestion points: Rule source files (e.g., 'ai-rules/my-new-rule.md') within the local project directory.
  - Boundary markers: Employs YAML frontmatter for metadata, but lacks explicit markers to prevent the agent from obeying instructions embedded within the rule content.
  - Capability inventory: Performs file system writes (generating platform-specific instruction files) and executes the 'ai-rules' binary.
  - Sanitization: No documented validation or sanitization is performed on the content of the processed rule files.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/block/ai-rules/main/scripts/install.sh - DO NOT USE without thorough review