skill-search
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads code from arbitrary GitHub repositories identified through search results without mandatory verification of the source's trustworthiness.
- [REMOTE_CODE_EXECUTION]: By installing external SKILL.md files and associated scripts into the '~/.claude/skills/' directory, the skill introduces new executable logic into the agent's runtime environment from untrusted origins.
- [COMMAND_EXECUTION]: Utilizes the 'Bash' tool to execute 'git clone', 'cp', and 'rm' commands, targeting sensitive user directories.
Recommendations
- AI detected serious security threats
Audit Metadata