Skills
skills/autumnsgrove/groveengine/cicd-automation/Gen Agent Trust Hub

cicd-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill documentation includes multiple instances of the pattern curl -LsSf https://astral.sh/uv/install.sh | sh. This pattern is a critical security risk as it executes unverified code from a remote server directly on the host system.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The installer script is fetched from https://astral.sh. Because this domain is not included in the 'Trusted External Sources' list, it is treated as an untrusted source, which elevates the risk associated with the download.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:34 PM