dbc
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill directs the agent to execute
curl -LsSf https://dbc.columnar.tech/install.sh | sh, which is a highly insecure pattern that runs unvetted remote scripts directly in a command shell. - [REMOTE_CODE_EXECUTION] (CRITICAL): For Windows, the skill uses
irm https://dbc.columnar.tech/install.ps1 | iex(Invoke-Expression), another critical risk that downloads and immediately executes remote code. - [COMMAND_EXECUTION] (HIGH): The Windows installation command explicitly includes
-ExecutionPolicy ByPass, which is used to circumvent built-in security protections that prevent the execution of unsigned or untrusted scripts. - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on software from
columnar.tech, which is not a trusted source according to defined security policies, making it vulnerable to supply chain attacks or malicious redirects.
Recommendations
- HIGH: Downloads and executes remote code from: https://dbc.columnar.tech/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata