allium-x402
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to download a shell script from a remote server and pipe it directly into a shell interpreter (curl -sSL http://agents.allium.so/cli/install.sh | sh). This is a critical security risk as it allows for arbitrary code execution on the host system from an unverified source.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch secondary markdown files containing further instructions from a remote domain (agents.allium.so) during execution. This dynamic loading of instructions from an external source bypasses static analysis and introduces risks of content tampering.
- [COMMAND_EXECUTION]: The skill relies on the execution of a locally installed command-line interface tool (allium). Since this tool is installed via a remote script, its behavior is governed by the external script provider.
- [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection by ingesting untrusted data from external URLs.
  - Ingestion points: Instruction sets are fetched from https://agents.allium.so/skills/x402-setup.md, x402-developer.md, and x402-explorer.md.
  - Boundary markers: There are no delimiters or explicit instructions provided to the agent to disregard or treat the fetched content as data rather than instructions.
  - Capability inventory: The skill possesses the ability to execute system commands via the allium CLI.
  - Sanitization: There is no evidence of validation, escaping, or filtering of the content retrieved from the remote URLs before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: http://agents.allium.so/cli/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata