
coding-agent

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The README.md file recommends installing the Kiro CLI tool using a high-risk remote execution pattern.
      • Evidence: curl -fsSL https://cli.kiro.dev/install | bash in README.md.
  • [PROMPT_INJECTION]: The skill provides instructions that explicitly bypass the safety protocols and user confirmation prompts of the underlying AI agents.
      • Evidence: The skill instructs the agent to use --trust-all-tools for Kiro CLI to skip confirmation prompts and --yolo for Codex, which is described as having "NO sandbox, NO approvals (fastest, most dangerous)" in SKILL.md.
      • The agent is encouraged to use mktemp -d && git init to bypass Codex's restriction against running in untrusted directories.
  • [COMMAND_EXECUTION]: The skill relies on the bash tool to execute arbitrary shell commands for launching various third-party coding agents.
      • Evidence: Multiple instances of bash pty:true command:"..." across SKILL.md for running kiro-cli, claude, codex, opencode, and pi.
  • [EXTERNAL_DOWNLOADS]: The skill references and installs external software from third-party repositories and domains.
      • Evidence: Downloads from https://cli.kiro.dev/install and installation of the Node.js package @mariozechner/pi-coding-agent.
  • [DATA_EXFILTRATION]: While no direct exfiltration is present, the coding agents are granted broad read/write access to the user's filesystem (workdir), which creates a significant risk if the agent is influenced by indirect prompt injection from analyzed code.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.kiro.dev/install - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 29, 2026, 10:38 PM