Skills
skills/taxue2025/taxue2025-skills/taxue-upgrade/Gen Agent Trust Hub

taxue-upgrade

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill implements an update mechanism that clones a repository from GitHub (https://github.com/taxueseek/taxueskills.git) and overwrites local skill directories. This allows for the introduction of unverified code into the agent's workflow, as the agent interprets these downloaded files as its own instructions.
  • [COMMAND_EXECUTION]: The skill executes various high-risk shell commands including rm -rf to delete local folders and cp -r to write new content to sensitive local paths such as ~/.config/agents/skills.
  • [EXTERNAL_DOWNLOADS]: The skill initiates network requests using curl and git to retrieve data and full repositories from raw.githubusercontent.com and github.com. These sources are external and not identified as trusted vendors.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 29, 2026, 11:44 PM