Linux Privilege Escalation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill contains a command that fetches a remote script and pipes it directly to the shell:
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh. This allows for arbitrary code execution from a source that is not in the trusted repository list. - External Downloads (HIGH): The repository
carlospolop/PEASS-ngis an external, untrusted source. Downloading and executing scripts from unverified third-party repositories presents a severe security risk. - Command Execution (HIGH): The specific script being executed,
linpeas.sh, is a local privilege escalation tool designed to find and exploit system vulnerabilities, which is indicative of malicious intent or unauthorized system probing.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata