data-structure-protocol

Fail

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download a Python script (dsp-cli.py) from an external GitHub repository (https://raw.githubusercontent.com/k-kolomeitsev/data-structure-protocol/main/skills/data-structure-protocol/scripts/dsp-cli.py). This repository belongs to an individual user and is not associated with an established technology provider or the skill's author ('ranbot-ai').
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the downloaded script using the local Python interpreter (python dsp-cli.py --root <project-root> <command>) to perform codebase mapping and management tasks.
  • [REMOTE_CODE_EXECUTION]: The combination of downloading an external script and executing it locally creates a remote code execution risk. This pattern lacks version pinning or integrity validation, meaning the code executed by the agent could be changed at the remote source at any time without user or platform oversight.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 24, 2026, 05:00 PM
Security Audit — agent-trust-hub — data-structure-protocol