cortex-setup
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill reads the `~/.claude/settings.json` configuration file to check for existing Snowflake MCP servers. This file is a sensitive configuration store for the agent platform.
- [COMMAND_EXECUTION]: On Windows systems, the skill executes PowerShell scripts using the `-ExecutionPolicy Bypass` flag to allow installation scripts to run, which overrides standard system security settings.
- [COMMAND_EXECUTION]: The skill searches the local filesystem using `find` or `Get-ChildItem` and then executes the path returned by these commands. This represents a risk of executing unauthorized code if a malicious file is placed in a matching path.
- [EXTERNAL_DOWNLOADS]: Clones the `snowflake-ai-kit` repository from the official Snowflake-Labs GitHub organization as part of the setup process.
- [REMOTE_CODE_EXECUTION]: Executes an installation script (`install.sh` or `install.ps1`) provided by the Snowflake-Labs repository.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect injection by executing files found via filesystem search without sanitization.
  - Ingestion points: Results from `find` and `Get-ChildItem` commands (SKILL.md).
  - Boundary markers: None identified.
  - Capability inventory: Execution of arbitrary shell and PowerShell scripts (SKILL.md).
  - Sanitization: No validation or verification of the found script's integrity or origin before execution.