penetration-testing
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [Remote Code Execution] (HIGH): The skill is designed to fetch remote content and execute it using a system subprocess, a pattern typically used for dynamic updates or remote administration but frequently exploited for malicious purposes.
- Evidence: Detected pattern involving 'requests.get' with a 'file' parameter followed by subprocess execution.
- Risk: Because the execution occurs at runtime using code from an external source, it bypasses security reviews and allows an attacker to execute arbitrary commands on the host machine.
Recommendations
- HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata