setup-web-tests

Fail

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches a standalone Python binary distribution from the official astral-sh/python-build-standalone repository on GitHub. This is a well-known and trusted source for pre-built Python environments.
  • [COMMAND_EXECUTION]: The skill requires elevated privileges via sudo to perform the following system modifications:
    • Appends service hostnames (e.g., kafka, clickhouse) to the system-wide /etc/hosts file using sudo tee.
    • Installs system-level development libraries (libxml2-dev, libxmlsec1-dev, libxmlsec1-openssl) via sudo apt-get install.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from the local environment:
    • Ingestion points: Reads the pyproject.toml file to extract version constraints.
    • Boundary markers: No specific delimiters or safety instructions are provided to the agent regarding the content of pyproject.toml.
    • Capability inventory: The agent is instructed to perform network downloads (curl), file extraction (tar), and execute commands with administrative privileges (sudo).
    • Sanitization: While it uses a regex ([\d.]+) to extract versions, an attacker who can modify pyproject.toml could potentially influence the resulting shell commands or version detection logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 24, 2026, 06:17 PM
Security Audit — agent-trust-hub — setup-web-tests