use-skill-dl-util
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install the
skill-dlutility by piping a remote shell script directly into bash (curl -fsSL https://raw.githubusercontent.com/yigitkonur/cli-skill-downloader/main/install.sh | bash). This practice executes unverified remote code on the system. While the repository belongs to the skill author, the execution method bypasses standard security reviews of the script content.\n- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by downloading and analyzing instruction files (SKILL.md) from third-party repositories.\n - Ingestion points: External skills are downloaded into the
./corpusdirectory from playbooks.com.\n - Boundary markers: There are no delimiters or explicit instructions to the agent to ignore embedded commands within the downloaded content.\n
- Capability inventory: The agent uses tools like
find,cat, andgrepto inspect files and is instructed to read the instructional content of downloaded skills fully.\n - Sanitization: No sanitization or validation is performed on the downloaded markdown files before they are read by the agent.\n- [COMMAND_EXECUTION]: The skill relies on complex shell pipelines and the use of
xargsto perform batch operations, which could be susceptible to injection if search results contain malicious characters.\n- [EXTERNAL_DOWNLOADS]: The skill's primary purpose is to fetch data and scripts from external sources, including GitHub and playbooks.com.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/yigitkonur/cli-skill-downloader/main/install.sh - DO NOT USE without thorough review
Audit Metadata