setup-experiment
Fail
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill directs the user to install the
tpcCLI tool using a remote script fromhttps://cli.promptingco.com/install.shpiped directly to bash. While the domain appears associated with the skill's author, this installation method is high-risk as it bypasses package integrity verification. - [EXTERNAL_DOWNLOADS]: The workflow involves fetching product documentation from arbitrary external URLs provided by the user to extract capabilities and generate experiment tasks.
- [COMMAND_EXECUTION]: The skill makes extensive use of the
tpcCLI tool to create tasks, environments, experiments, and manage secrets. It also generates and writestask.jsonfiles which may contain executable judge scripts. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting and acting upon untrusted data from external product documentation.
- Ingestion points: External documentation URLs provided by the user during the experiment context capture (workflows/setup-experiment.md).
- Boundary markers: Absent; extracted content is immediately used to propose task candidates and draft prompts.
- Capability inventory: Execution of CLI commands via
tpc, including resource creation and experiment triggers (SKILL.md, workflows/setup-experiment.md). - Sanitization: None; the skill does not specify any filtering or validation for the content fetched from external URLs.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.promptingco.com/install.sh - DO NOT USE without thorough review
Audit Metadata