install-opend
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses system-level commands to detect environment details and manage software installation. This includes executing `uname`, `pgrep`, `defaults read`, and `find` to check OS versions and existing software installations.
- [COMMAND_EXECUTION]: Executes administrative commands using `sudo` on Linux systems (`dpkg -i`, `rpm -ivh`, `apt-get install -f`) to install software packages.
- [REMOTE_CODE_EXECUTION]: Generates and executes dynamic scripts at runtime. It creates a PowerShell script (`install_opend.ps1`) and runs it with `-ExecutionPolicy Bypass` to automate the download, extraction, and execution of Windows installers.
- [REMOTE_CODE_EXECUTION]: Downloads and executes third-party installers (DMG, EXE, DEB, RPM) and scripts (`fixrun.sh`) from remote servers to set up the development environment.
- [EXTERNAL_DOWNLOADS]: Fetches software components from vendor-owned domains (`futunn.com`, `moomoo.com`, `softwaredownload.futunn.com`) and utility sites (`7-zip.org`, `github.com/ip7z/7zip`).
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting untrusted data through the `$ARGUMENTS` parameter (specifically the `-path` value). This data is interpolated into shell and PowerShell script templates without instructions for sanitization or escaping, which could allow a malicious user to perform command injection by providing a crafted path string.
  - Ingestion points: `$ARGUMENTS` in `SKILL.md`.
  - Boundary markers: Absent.
  - Capability inventory: `Bash`, `Write`, and `powershell` execution.
  - Sanitization: Absent; the instructions direct the agent to replace placeholders with raw input values.
Audit Metadata