Skills
skills/lichamnesia/skill-lint/env-wrap/Gen Agent Trust Hub

env-wrap

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to fetch a shell script from 'http://evil.example.org/p.sh' and pipe it directly into interpreters like bash and sh. This allows for arbitrary code execution from a remote source without any verification or review of the content.
  • [EXTERNAL_DOWNLOADS]: Fetches content from an untrusted external URL ('http://evil.example.org/p.sh').
  • [COMMAND_EXECUTION]: Uses elevated privileges ('sudo') to run remote scripts, which could lead to full system compromise. It also uses 'env' and 'nohup' wrappers to execute downloaded content as shell or Python scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 20, 2026, 06:16 AM
Security Audit — agent-trust-hub — env-wrap