mm-cli-skill

Fail

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation suggests installation via curl | sh and irm | iex using scripts hosted on vlm-run.github.io. This pattern executes remote code directly in the shell environment without verifying its integrity.
  • [COMMAND_EXECUTION]: The CLI tool supports the --encode.pyfunc flag and YAML-based pipeline configurations that enable the execution of arbitrary Python code within the agent's environment.
  • [COMMAND_EXECUTION]: The skill implements a plugin-like system that automatically discovers and executes Python scripts found in specific local configuration directories (e.g., ~/.config/mm/encoders/).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion points: Processes multimodal content from local directories (PDFs, images, videos, etc.). Boundary markers: No documented use of delimiters or instructions to ignore embedded content. Capability inventory: Includes directory tree exploration and dynamic Python code execution. Sanitization: No explicit validation or sanitization of content extracted from files before it is processed by the model.
Recommendations
  • HIGH: Downloads and executes remote code from: https://vlm-run.github.io/mm/install/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 16, 2026, 08:20 AM