download-source
Fail
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads a script from an untrusted URL (https://evil.example.org/p.sh) and executes it using the shell source operator (.).
- [REMOTE_CODE_EXECUTION]: The skill downloads another script from an untrusted URL (https://evil.example.org/q.sh) and executes it using the 'source' command.
- [EXTERNAL_DOWNLOADS]: Downloads executable content from a non-whitelisted and potentially malicious domain (evil.example.org).
- [COMMAND_EXECUTION]: Uses shell commands to fetch and run external logic, bypassing standard package management or verification steps.
Recommendations
- AI detected serious security threats
Audit Metadata