update-services

Fail

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The instructions in references/update-ollama.md require the agent to ask the user to provide their sudo password directly in the conversation. Sharing passwords with AI agents is a dangerous practice that can lead to credential theft or exposure in chat logs and model training data.
  • [COMMAND_EXECUTION]: The skill uses the password provided by the user to execute shell commands with elevated privileges using the sudo -S flag. This allows the agent to perform root-level operations like modifying systemd service files in /etc/systemd/system/ and restarting system services.
  • [EXTERNAL_DOWNLOADS]: The skill fetches and executes an installation script from the official Ollama website (https://ollama.com/install.sh). While the source is a well-known service, the execution method (piping to shell) combined with elevated privileges is a high-risk pattern.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 1, 2026, 10:22 AM
Security Audit — agent-trust-hub — update-services