local-llm-setup
Warn
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Python scripts and system commands to manage background services. It specifically uses launchd, systemd, and NSSM to install a routing proxy as a persistent daemon on the host operating system.
- [EXTERNAL_DOWNLOADS]: The documentation indicates that the skill performs automated downloads of llama-server binaries and model files from external sources. While specific URLs are not explicitly listed in the SKILL.md file, the intended functionality involves fetching and potentially executing third-party binary content.
- [PROMPT_INJECTION]: The run_agent.py script ingests external data, which creates a vulnerability to indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context via external code files (e.g., target.py) and persona definitions (e.g., agents/refactor-expert.md).
  - Boundary markers: No delimiters or safety instructions are specified to prevent the agent from following commands embedded within the processed files.
  - Capability inventory: The skill has the ability to write to the file system (e.g., output.md) and execute Python-based agent logic.
  - Sanitization: There is no mention of sanitization, validation, or filtering of the content ingested from external files before it is processed by the LLM.
Audit Metadata