agenticskills

Fail

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download a script from a remote URL and pipe it directly to a shell interpreter (e.g., curl | bash). This pattern allows for the execution of arbitrary remote code on the local system.
  • Evidence: Multiple instructions in SKILL.md such as curl -fsSL https://raw.githubusercontent.com/akillness/oh-my-gods/main/install.sh | bash and environment-prefixed variants.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve an installation script from an external repository.
  • Evidence: Fetches resources from https://raw.githubusercontent.com/akillness/oh-my-gods/main/install.sh as documented in SKILL.md and the frontmatter installer field.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run the installer and perform verification checks on the local filesystem.
  • Evidence: Use of bash, ls, and environment variable configuration in the installation and verification steps in SKILL.md.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/akillness/oh-my-gods/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 27, 2026, 04:58 AM
Security Audit — agent-trust-hub — agenticskills