Skills
skills/lichamnesia/skill-lint/tee-xargs/Gen Agent Trust Hub

tee-xargs

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses multiple patterns to download a shell script from an untrusted domain (evil.example.org) and execute it immediately. Evidence includes: piping curl output into tee with bash process substitution, using xargs to execute curl output via bash -c, and using eval or bash -c with command substitution of a curl request.- [EXTERNAL_DOWNLOADS]: The skill attempts to fetch executable content from an external, untrusted source (https://evil.example.org/p.sh).- [COMMAND_EXECUTION]: The skill triggers the execution of shell commands using bash and xargs to process and run remote payloads.
Recommendations
  • HIGH: Downloads and executes remote code from: https://evil.example.org/p.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 20, 2026, 06:16 AM
Security Audit — agent-trust-hub — tee-xargs