Skills
skills/yldgio/vibe-grimoire/boris/Gen Agent Trust Hub

boris

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill contains logic to check for version updates from an external domain 'howborisusesclaudecode.com'.
  • [REMOTE_CODE_EXECUTION]: The 'UPDATE CHECK' section instructs the agent to provide the user with a command ('curl -L -o ...') to download and replace the existing skill file with content from a remote server. This allows for the execution of unverified instructions and potential behavior modification via remote updates.
  • [COMMAND_EXECUTION]: The skill documentation includes examples of platform-specific hooks ('PostToolUse', 'PostCompact') that execute shell commands such as 'bun run format' and 'echo'.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 7, 2026, 09:28 AM