context-lake

Fail

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the rebyte-data binary from an external Amazon S3 bucket.- [REMOTE_CODE_EXECUTION]: Instructions direct the agent to download a binary from a remote source and execute it after modifying permissions with chmod +x.- [COMMAND_EXECUTION]: The skill attempts to install a binary into /usr/local/bin/, which is a system-level directory. This action typically requires elevated privileges and modifies the environment globally.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through data ingestion. * Ingestion points: Local files (CSV, Parquet, JSON) via 'rebyte-data import' and organizational data via 'rebyte-data query'. * Boundary markers: Absent; no specific separators or instructions are provided to the agent to distinguish data from potentially embedded commands. * Capability inventory: The agent can query, import, and delete data using the rebyte-data tool. * Sanitization: Absent; the system relies on format inference without content sanitization.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cc-tools-binaries.s3.amazonaws.com/rebyte-data/rebyte-data-linux-amd64 - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 16, 2026, 05:31 PM
Security Audit — agent-trust-hub — context-lake