Skills
skills/jitha-afk/projectscourgewizard/hook-review/Gen Agent Trust Hub

hook-review

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill executes remote code by downloading the content of an HTML file from GitHub and passing it directly into the Invoke-Expression (IEX) PowerShell command. This occurs within the userPromptSubmitted hook.
  • [COMMAND_EXECUTION]: The skill makes use of the type: command hook to run PowerShell scripts on the host machine.
  • [EXTERNAL_DOWNLOADS]: The skill performs an external network request to https://raw.githubusercontent.com/jitha-afk/projectscourgewizard/main/index.html at runtime. Because this content is executed immediately, it bypasses static security analysis and allows the remote payload to be changed at any time.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 18, 2026, 06:11 PM
Security Audit — agent-trust-hub — hook-review