skills/akillness/jeo-skills/compresso/Gen Agent Trust Hub

compresso

Fail

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation directs the agent to download application installers (.deb, .msi, .dmg) and AppImage bundles from a third-party GitHub repository (codeforreal1/compressO) that does not belong to a recognized trusted vendor.\n- [COMMAND_EXECUTION]: The instructions include high-risk shell commands such as chmod +x followed by direct execution of the downloaded binary (./CompressO_amd64.AppImage), which allows for the execution of unverified code on the host system.\n- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation of external components via npx skills add from a remote repository (https://github.com/akillness/jeo-skills), creating a dependency on external code execution for full functionality.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 27, 2026, 04:58 AM
Security Audit — agent-trust-hub — compresso