CI/CD Pipeline Security Expert

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: CRITICAL | REMOTE_CODE_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains a piped remote execution pattern: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash). This method of execution is a severe security risk as it fetches and runs arbitrary code directly from an external server without integrity checks or version pinning.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill attempts to download and execute scripts from the rhysd GitHub account. Since this user and repository are not included in the defined list of trusted sources, the action is classified as an untrusted external download, creating a supply chain vulnerability.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 13, 2026, 12:15 PM