Skills
skills/bagelhole/devops-security-agent-skills/ollama-stack/Gen Agent Trust Hub

ollama-stack

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill documentation includes the command curl -fsSL https://ollama.com/install.sh | sh. This 'piped to shell' pattern allows an external script from an untrusted domain to execute arbitrary code on the user's machine without any verification or oversight.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The installer is sourced from ollama.com, which is not on the list of Trusted External Sources. This requires manual verification of the site's security and the script's integrity.
  • [COMMAND_EXECUTION] (LOW): The skill guides the user to run local system commands like ollama serve and ollama pull, which interact with the host environment to manage background processes and file storage.
Recommendations
  • HIGH: Downloads and executes remote code from: https://ollama.com/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 07:33 PM