run-llms
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Remote Code Execution] (CRITICAL): Detected piped remote execution: 'curl https://av.codes/get-harbor.sh | bash' in SKILL.md. This allows an untrusted external source to execute arbitrary code with the user's permissions.
- [Privilege Escalation] (HIGH): The skill requires 'sudo' for installation and instructs users to add themselves to the 'docker' group ('sudo usermod -aG docker $USER'), which is equivalent to granting root access.
- [Indirect Prompt Injection] (HIGH): High risk of exploitation via untrusted inputs. Evidence: 1. Ingestion: 'harbor profile use ' and 'harbor pull' from external repositories. 2. Boundary markers: None. 3. Capability: Full container access via 'harbor shell' and 'harbor exec', plus host-level Docker access. 4. Sanitization: None detected.
- [Persistence & Network Access] (MEDIUM): The 'harbor tunnel' command allows exposing local services to the internet, creating a potential callback mechanism. 'harbor profile use ' allows loading potentially malicious configurations from remote sources.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://av.codes/get-harbor.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata