100Critical
This skill executes remote scripts, is vulnerable
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Genkit Go: Genkit Go is an AI SDK for Go that provides generation, structured output, streaming, tool calling, prompts, and flows with a unified interface across model providers.
Actually does
This skill provides instructions and code examples for developing AI applications using the Genkit Go SDK. It details how to install the Genkit CLI by executing a script from `cli.genkit.dev`, run `genkit` commands to start a local developer UI on `localhost:4000`, execute defined flows, and access local documentation. The provided Go code demonstrates setting up a Genkit application that uses the `googlegenai` plugin to interact with Google AI models and serves flows via an HTTP server on `127.0.0.1:8080`.
Skill Info
Namefirebase/agent-skills/developing-genkit-go
Registrygithub
Versionbfd90c4c5ec5
PURLpkg:github/firebase/agent-skills@bfd90c4c5ec5#developing-genkit-go
Stars224
Installs455,628
Source
SHA-256f4b0322ec0a9...
SHA-17f2d9be3c387...
MD581e9c40e9c15...
TLSHd991f757d820...
ssdeep96:ikV5Wd3wS...
Size4,307 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
GitHub
https://github.com/firebase/agent-skills/tree/main/skills/developing-genkit-go455,628 installs
Claude CodeDocs
/plugin marketplace add firebase/agent-skills/plugin install developing-genkit-go@firebase/agent-skills
Gemini CLIDocs
gemini extensions install https://github.com/firebase/agent-skills.git --consent
CursorDocs
Skills.shDocs
npx skills add https://github.com/firebase/agent-skills --skill developing-genkit-goAssessments (2)
AI Agent Traps ↗Supply Chain Risk via Remote Script Executioncriticalcommand execution
The skill instructs to download and execute a shell script directly from a remote URL (`cli.genkit.dev`), posing a critical supply chain risk if the remote server is compromised, leading to arbitrary code execution.
100% confidenceline 67
curl -sL cli.genkit.dev | bash
Local File Disclosure via 'genkit docs:read'lowreconnaissance
The `genkit docs:read` command allows reading local files, which could be abused for reconnaissance or local file disclosure if the file path is manipulated by an attacker.
80% confidenceline 85
genkit docs:read go/flows.md
Potential Prompt Injection Vulnerabilitymediumprompt injection
Examples show direct embedding of user-provided input into prompts for `genkit.GenerateText` and `genkit flow:run`, creating a potential prompt injection vulnerability if input is not sanitized.
90% confidenceline 78
ai.WithPrompt("Tell me a joke about %s", topic), genkit flow:run myFlow '{"data": "input"}'Version History (2)
Dependencies (1)
firebase.claude-plugin/marketplace.jsonnot scanned
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/firebase/agent-skills/developing-genkit-go)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/firebase/agent-skills/developing-genkit-go"><img src="https://mondoo.com/ai-agent-security/api/badge/github/firebase/agent-skills/developing-genkit-go.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/firebase/agent-skills/developing-genkit-go.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow