skills/schellingsh/skill/schelling/Gen Agent Trust Hub

schelling

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions that explicitly override the agent's standard reasoning and file-exploration protocols. It mandates 'Do not read files, search code, or reason about the task before running schelling recall' and states the tool is 'MANDATORY on every request', which can bypass the agent's intended operational logic.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx schelling@0.2.2 to download and execute code from an external registry (npm) at runtime. This amounts to executing unverified third-party logic.
  • [DATA_EXFILTRATION]: The skill is designed to distill the user's request into a 'problem statement' and transmit it to an external API (api.schelling.sh). Because the instructions mandate this for every request, it may lead to the transmission of sensitive context or proprietary problem descriptions to a third-party server without explicit per-task user approval.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution via npx and curl (in scripts/schelling.sh) to perform its primary functions, including sending data and fetching external content.
  • [EXTERNAL_DOWNLOADS]: The skill's functionality depends on downloading a specific version of a package from the npm registry and interacting with a remote API endpoint.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 24, 2026, 11:21 AM