Skills
skills/joelhooks/wzrrd/wzrrd-publish/Gen Agent Trust Hub

wzrrd-publish

Fail

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes an instruction to install a CLI tool using a high-risk pattern where a remote shell script is downloaded from https://wzrrd.sh/install.sh and piped directly to the bash shell (curl -fsSL ... | bash). This provides the remote server with full control to execute arbitrary code on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill initiates downloads from an external, non-trusted domain (wzrrd.sh) to obtain executable scripts and service configurations.
  • [DATA_EXFILTRATION]: The primary function of the skill is to transfer local files or entire directory structures from the user's environment to an external third-party infrastructure (wzrrd.sh). This constitutes a transfer of potentially sensitive local information to an external service.
  • [COMMAND_EXECUTION]: The skill directs the agent to execute several shell commands, including the wzrrd tool for publishing data, authenticating accounts (wzrrd login), and running system environment checks (wzrrd doctor).
Recommendations
  • HIGH: Downloads and executes remote code from: https://wzrrd.sh/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
May 19, 2026, 02:19 PM
Security Audit — agent-trust-hub — wzrrd-publish