ollama
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (CRITICAL): The skill executes a remote script using a piped shell command, a highly dangerous practice.
- Evidence: The automated scan detected the command
curl -fsSL https://ollama.com/install.sh | sh. - Risk: This pattern allows the external server at ollama.com to execute arbitrary commands on the host machine. Since ollama.com is not in the list of trusted external sources, this execution is unverified and poses a critical security risk.
Recommendations
- HIGH: Downloads and executes remote code from: https://ollama.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata