blacksmith-testbox
Fail
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Installation of the Blacksmith CLI uses the `curl -fsSL https://get.blacksmith.sh | sh` pattern, which pipes whatever the server returns straight into a shell. TLS protects the transport, but there is no checksum or signature check, so a compromised origin or CDN, or a server that returns different content to curl than to a browser, decides what runs on the host.
- [REMOTE_CODE_EXECUTION]: The skill's primary functionality is executing arbitrary commands on remote virtual machines via the `blacksmith testbox run` command.
- [COMMAND_EXECUTION]: User-provided parameters such as `<ID>`, `<command>` and `<org-slug>` are interpolated directly into shell command templates. If the agent does not validate these inputs, shell metacharacters (`;`, `&&`, `$(...)`, backticks) in `<ID>` or `<org-slug>` execute on the local machine, not only on the testbox.
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes scripts from get.blacksmith.sh, an external source that is not recognized as a trusted provider in this context.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because external data reaches the command templates without any input handling.
  - Ingestion points: user-supplied placeholders like `<command>`, `<ID>` and `<org-slug>` in SKILL.md, and repository content synchronized via rsync.
  - Boundary markers: absent; the instructions define no delimiters and no input validation requirements.
  - Capability inventory: execution of shell commands both locally (`bun run testbox:run`) and on remote environments (`blacksmith testbox run`).
  - Sanitization: no escaping, filtering or validation is performed on the data before it is interpolated into executable commands.
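The COMMAND_EXECUTION and Sanitization findings above describe a template with placeholders pasted into a shell line. The script below is an added example, not code from Blacksmith or from the audited skill: it puts that unsafe pattern next to a wrapper that allowlists the identifier-shaped fields and hands `<command>` to the CLI as a single argv element. The argv layout `testbox run --org <org-slug> <ID> <command>`, the `BLACKSMITH_BIN` variable and the stub CLI are assumptions made for the demonstration; the real CLI's flags may differ.

```shell
#!/bin/sh
# Added example, not code from Blacksmith or the audited skill. Contrasts the
# string-templating pattern the audit flags with a wrapper that validates the
# identifier fields and never lets the local shell re-parse <command>.
# Assumptions: the argv layout `testbox run --org <org-slug> <ID> <command>`
# is illustrative, and BLACKSMITH_BIN defaults to a `blacksmith` on PATH.
set -e

BLACKSMITH_BIN="${BLACKSMITH_BIN:-blacksmith}"

# The pattern the audit flags: placeholders pasted into a string that a shell
# then parses. An ID of `tb-1; echo INJECTED` runs `echo INJECTED` locally.
testbox_run_unsafe() {
  eval "$BLACKSMITH_BIN testbox run $1 $2"
}

# is_slug VALUE: allowlist for IDs and org slugs, 1-64 chars of
# [A-Za-z0-9_-]. Shell metacharacters, whitespace and newlines all fail.
is_slug() {
  case "$1" in
    '' | *[!A-Za-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -le 64 ]
}

# testbox_run ID ORG_SLUG COMMAND: validate the two identifiers, then pass
# COMMAND as one argv element. The local shell never re-parses it; only the
# remote VM's shell does, which is the skill's intended behaviour.
testbox_run() {
  tb_id="$1"; tb_org="$2"; tb_cmd="$3"
  if ! is_slug "$tb_id"; then
    echo "rejecting testbox id: $tb_id" >&2; return 2
  fi
  if ! is_slug "$tb_org"; then
    echo "rejecting org slug: $tb_org" >&2; return 2
  fi
  "$BLACKSMITH_BIN" testbox run --org "$tb_org" "$tb_id" "$tb_cmd"
}

# make_stub_cli DIR: constructed stand-in for the real CLI that prints each
# argv element on its own line, so the effect of quoting is visible.
make_stub_cli() {
  printf '#!/bin/sh\nprintf "%%s\\n" "$@"\n' > "$1/blacksmith"
  chmod +x "$1/blacksmith"
}

# Demonstration against the stub (no real CLI or network needed).
demo_dir=$(mktemp -d)
make_stub_cli "$demo_dir"
BLACKSMITH_BIN="$demo_dir/blacksmith"
echo "--- safe wrapper: the payload stays one argument"
testbox_run tb-123 acme-org 'uname -a; echo INJECTED'
echo "--- safe wrapper: metacharacters in the ID are rejected"
testbox_run 'tb-123; echo INJECTED' acme-org 'uname -a' || echo "exit $?"
echo "--- unsafe template: the same ID executes locally"
testbox_run_unsafe 'tb-123; echo INJECTED' 'uname -a'
rm -rf "$demo_dir"
```

The allowlist is deliberately narrow: an agent that needs to accept a wider ID format should widen the character class rather than try to escape metacharacters, since escaping has to be redone for every shell the template might reach.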
Recommendations
- HIGH: Downloads and executes remote code from https://get.blacksmith.sh. DO NOT USE without thorough review.
- AI detected serious security threats
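The review the recommendation asks for starts with not running the installer blind. The script below is an added example, not Blacksmith's installer: it replaces `curl ... | sh` with download, pinned-digest check, then execute. The expected SHA-256 has to come from a channel other than the download itself (release notes or a signed manifest); no digest for get.blacksmith.sh is claimed here, so the URL and digest are parameters and the local demonstration uses a constructed script instead of the network.

```shell
#!/bin/sh
# Added example, not Blacksmith's installer. Replaces `curl URL | sh` with
# download -> verify pinned SHA-256 -> execute. The digest must be obtained
# out of band; none is claimed for get.blacksmith.sh, so it is a parameter.
set -e

# sha256_of FILE: hex digest via sha256sum (coreutils) or shasum (macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_run FILE EXPECTED_SHA256 [INTERPRETER]: execute FILE only when
# its digest equals EXPECTED_SHA256; otherwise return 1 without running it.
verify_and_run() {
  actual=$(sha256_of "$1")
  if [ "$actual" != "$2" ]; then
    echo "refusing to execute $1: sha256 $actual does not match $2" >&2
    return 1
  fi
  "${3:-sh}" "$1"
}

# fetch_verify_run URL EXPECTED_SHA256: the drop-in for `curl URL | sh`.
# --proto '=https' and --tlsv1.2 refuse plaintext and protocol downgrade; the
# body still lands in a file first, so a tampered script is never executed.
# Usage: fetch_verify_run https://get.blacksmith.sh <digest published out of band>
fetch_verify_run() {
  tmp=$(mktemp)
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$1"
  if verify_and_run "$tmp" "$2"; then status=0; else status=$?; fi
  rm -f "$tmp"
  return "$status"
}

# Local demonstration (constructed, no network): a throwaway script passes
# with its own digest and is refused with a wrong one.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho "installer ran"\n' > "$demo_dir/install.sh"
good=$(sha256_of "$demo_dir/install.sh")
verify_and_run "$demo_dir/install.sh" "$good"
verify_and_run "$demo_dir/install.sh" "$(printf '%064d' 0)" || echo "refused (exit $?)"
rm -rf "$demo_dir"
```

Pinning a digest only helps if it is refreshed deliberately when the vendor publishes a new installer; a digest copied from the same server at the same moment as the script verifies nothing.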
Audit Metadata