skills/sanmak/ship-kit/specops/Gen Agent Trust Hub

specops

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's update and version display protocols fetch content from a remote GitHub repository and pipe it directly to bash or python3 for execution. This allows for arbitrary code execution from an external source. Evidence includes commands like 'curl -fsSL https://raw.githubusercontent.com/sanmak/specops/v{latest}/scripts/remote-install.sh | bash'.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated network requests to GitHub domains to fetch update scripts and release metadata. Specifically, it targets 'api.github.com' and 'raw.githubusercontent.com'.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run various system utilities including git, grep, and sed for state management and codebase analysis. It also executes inline Python scripts to perform AST parsing on local files.
  • [PROMPT_INJECTION]: The skill processes untrusted content from the user's project codebase, including configuration and steering files. This represents an indirect prompt injection risk as malicious instructions could be embedded in the processed data, despite the skill's internal 'Convention Sanitization' logic.
Recommendations
  • HIGH: Downloads and executes remote code from: https://api.github.com/repos/sanmak/specops/releases/latest, https://raw.githubusercontent.com/sanmak/specops/v{latest}/scripts/remote-install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 15, 2026, 10:13 AM