tensorpm-agentic-pm

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides 'agent-friendly' installation instructions that involve piping remote scripts directly to shell interpreters (bash and PowerShell). This allows for arbitrary code execution on the host machine without prior verification of the script content.
  • Evidence: Found curl -fsSL https://raw.githubusercontent.com/Neo552/TensorPM/main/scripts/install.sh | bash in README.md and SKILL.md.
  • Evidence: Found irm https://raw.githubusercontent.com/Neo552/TensorPM/main/scripts/install.ps1 | iex in README.md and SKILL.md.
  • [COMMAND_EXECUTION]: The skill suggests several command-line operations for installation, including the use of package managers like Homebrew and Winget, which perform system-level modifications.
  • Evidence: brew install --cask neo552/tensorpm/tensorpm in SKILL.md.
  • Evidence: winget install --id Neo552.TensorPM --exact ... in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent or user to download binary installers and AppImages from a third-party GitHub repository not included in the pre-defined trusted vendors list.
  • Evidence: Links to .exe, .dmg, .AppImage, .deb, and .rpm files on github.com/Neo552/TensorPM-Releases/releases/.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Neo552/TensorPM/main/scripts/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 17, 2026, 09:04 PM