Skills
skills/ancoleman/ai-design-components/security-hardening/Gen Agent Trust Hub

security-hardening

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The script scripts/scan-infrastructure.sh downloads and executes a Kubernetes manifest directly from raw.githubusercontent.com/aquasecurity/kube-bench/main/job.yaml. As the aquasecurity organization is not in the trusted list, this constitutes an unverifiable remote code execution risk.
  • [COMMAND_EXECUTION] (HIGH): The script scripts/scan-infrastructure.sh performs privilege escalation using sudo to run lynis. It also executes docker-bench-security with high-privilege flags (--net host, --pid host, --cap-add audit_control), which allows the container to bypass host isolation.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill fetches resources from an external GitHub account (aquasecurity) not included in the predefined trusted scope.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:08 PM