openfoam-cfd
Fail
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions in `SKILL.md` require piping a remote shell script directly into bash: `wget -O - https://dl.openfoam.com/add-debian-repo.sh | bash`. This pattern is highly susceptible to supply chain attacks or man-in-the-middle interceptions.
- [COMMAND_EXECUTION]: Multiple instructions in `SKILL.md` use `sudo` for system-level operations, including adding repositories and installing packages. Modifying repository lists and installing binaries with administrative privileges grants the skill excessive control over the environment.
- [EXTERNAL_DOWNLOADS]: The skill fetches GPG keys and repository configuration scripts from external domains (`openfoam.org`, `openfoam.com`) during the setup process.
- [COMMAND_EXECUTION]: The skill documents and promotes the use of `codedFixedValue` boundary conditions. This feature allows arbitrary C++ code to be compiled and executed at runtime by the OpenFOAM solver, representing a significant dynamic code execution capability.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection where untrusted user data can influence high-capability tool outputs.
  - Ingestion points: `examples/scripts/generate_case.py` (command-line arguments such as velocity and turbulence parameters)
  - Boundary markers: Absent; user-supplied values are directly interpolated into OpenFOAM dictionary files.
  - Capability inventory: Shell command execution (`blockMesh`, `simpleFoam`) and dynamic C++ code compilation/execution via `codedFixedValue` boundary conditions.
  - Sanitization: Absent; there is no evidence of validation or escaping for inputs that are eventually written into executable or configuration files.
Recommendations
- HIGH: Downloads and executes remote code from: https://dl.openfoam.com/add-debian-repo.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata