unit-3-hyprland-nier-rice
Fail
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends executing a remote installation script directly via bash process substitution. This allows for arbitrary code execution from a remote source that is not verified and can be changed at any time.
- Evidence:
bash <(curl -fsSL https://raw.githubusercontent.com/samyns/Unit-3/main/install.sh) - File:
SKILL.md - [EXTERNAL_DOWNLOADS]: The skill downloads script content and entire repositories from a third-party GitHub account (
samyns) that is not identified as a trusted source or the skill author's own infrastructure. - Evidence:
git clone https://github.com/samyns/Unit-3.gitandhttps://raw.githubusercontent.com/samyns/Unit-3/main/install.sh - File:
SKILL.md - [COMMAND_EXECUTION]: The skill provides numerous shell commands for managing the desktop environment, troubleshooting, and system configuration, including process termination and reloading system components.
- Evidence: Commands such as
pkill waybar,hyprctl reload,pgrep -a quickshell, andswww imgare used throughout the instructions and QML code snippets. - File:
SKILL.md
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/samyns/Unit-3/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata