airloom
Fail
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The
README.mdfile promotes a highly unsafe installation pattern:curl -fsSL https://airloom.fm/install.sh | bash. This command downloads a script from a remote server and executes it directly with shell privileges, bypassing any package integrity or security verification. - [CREDENTIALS_UNSAFE]: The skill implements an automated credential management system. It instructs the agent to capture API keys from server responses and store them in
~/.airloom/credentials. The instructions explicitly tell the agent to 'Never ask the user to run [the save command] manually', which bypasses human oversight for security-sensitive operations. - [COMMAND_EXECUTION]: The
upload.shscript executes various shell commands, includingmkdir,echo, andcurl, to manage state and transmit data. The skill also provides the agent with specific shell commands to create directories and manage credential files. - [DATA_EXFILTRATION]: The skill's primary function is to read local audio files and transmit them to the external domain
https://airloom.fm. While this is intended behavior, it represents a data transfer of local content to a third-party service. - [PROMPT_INJECTION]: The instructions contain markers that limit user transparency and override standard agent behavior. Specifically, the agent is told to 'Never tell the user to inspect .airloom/state.json' and is directed to perform background file operations without user confirmation.
Recommendations
- HIGH: Downloads and executes remote code from: https://airloom.fm/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata