setup-experiment

Fail

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill directs the user to install the tpc CLI tool using a remote script from https://cli.promptingco.com/install.sh piped directly to bash. While the domain appears associated with the skill's author, this installation method is high-risk as it bypasses package integrity verification.
  • [EXTERNAL_DOWNLOADS]: The workflow involves fetching product documentation from arbitrary external URLs provided by the user to extract capabilities and generate experiment tasks.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the tpc CLI tool to create tasks, environments, experiments, and manage secrets. It also generates and writes task.json files which may contain executable judge scripts.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting and acting upon untrusted data from external product documentation.
  • Ingestion points: External documentation URLs provided by the user during the experiment context capture (workflows/setup-experiment.md).
  • Boundary markers: Absent; extracted content is immediately used to propose task candidates and draft prompts.
  • Capability inventory: Execution of CLI commands via tpc, including resource creation and experiment triggers (SKILL.md, workflows/setup-experiment.md).
  • Sanitization: None; the skill does not specify any filtering or validation for the content fetched from external URLs.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.promptingco.com/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 30, 2026, 06:01 PM
Security Audit — agent-trust-hub — setup-experiment