Skills
skills/casemark/legal-plugin/setup/Gen Agent Trust Hub

setup

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): Both the documentation and the included setup script use a piped execution pattern ('curl | sh') to install software. Evidence: 'curl -fsSL https://raw.githubusercontent.com/CaseMark/homebrew-casedev/main/install.sh | sh'. This is a high-risk pattern when the source is not a pre-verified trusted organization.
  • EXTERNAL_DOWNLOADS (HIGH): The skill downloads content from the 'CaseMark' GitHub organization. Because this organization is not on the trusted sources list, the download retains high severity.
  • COMMAND_EXECUTION (MEDIUM): The 'scripts/setup.sh' file executes shell commands and system package managers (Homebrew) to alter the environment, which requires elevated trust in the author.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/CaseMark/homebrew-casedev/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 22, 2026, 05:42 AM