context-lake
Fail
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the rebyte-data binary from an external Amazon S3 bucket.- [REMOTE_CODE_EXECUTION]: Instructions direct the agent to download a binary from a remote source and execute it after modifying permissions with chmod +x.- [COMMAND_EXECUTION]: The skill attempts to install a binary into /usr/local/bin/, which is a system-level directory. This action typically requires elevated privileges and modifies the environment globally.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through data ingestion. * Ingestion points: Local files (CSV, Parquet, JSON) via 'rebyte-data import' and organizational data via 'rebyte-data query'. * Boundary markers: Absent; no specific separators or instructions are provided to the agent to distinguish data from potentially embedded commands. * Capability inventory: The agent can query, import, and delete data using the rebyte-data tool. * Sanitization: Absent; the system relies on format inference without content sanitization.
Recommendations
- HIGH: Downloads and executes remote code from: https://cc-tools-binaries.s3.amazonaws.com/rebyte-data/rebyte-data-linux-amd64 - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata