agenticskills
Fail
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download a script from a remote URL and pipe it directly to a shell interpreter (e.g.,
curl | bash). This pattern allows for the execution of arbitrary remote code on the local system. - Evidence: Multiple instructions in
SKILL.mdsuch ascurl -fsSL https://raw.githubusercontent.com/akillness/oh-my-gods/main/install.sh | bashand environment-prefixed variants. - [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve an installation script from an external repository.
- Evidence: Fetches resources from
https://raw.githubusercontent.com/akillness/oh-my-gods/main/install.shas documented inSKILL.mdand the frontmatterinstallerfield. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to run the installer and perform verification checks on the local filesystem. - Evidence: Use of
bash,ls, and environment variable configuration in the installation and verification steps inSKILL.md.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/akillness/oh-my-gods/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata