damage-control

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill directs the user to download installation scripts from astral.sh and bun.sh. Neither of these domains is included in the 'Trusted External Sources' whitelist, making them unverifiable dependencies.
  • REMOTE_CODE_EXECUTION (HIGH): The installation instructions for UV and Bun use dangerous patterns where remote code is fetched and executed immediately without verification (e.g., curl | sh and irm | iex). This is a classic RCE vector that could lead to full system compromise if the delivery site or network connection is intercepted.
  • COMMAND_EXECUTION (MEDIUM): The skill configures PreToolUse hooks in the agent's settings. These hooks are scripts that execute logic every time the agent attempts to use a tool (Bash, Edit, or Write). While the stated purpose is protection, this capability allows for persistent interception and potential manipulation of all agent actions.
  • PRIVILEGE_ESCALATION (MEDIUM): The installation for Windows specifically instructs the agent to run PowerShell with -ExecutionPolicy ByPass, which is a technique used to circumvent security controls designed to prevent the execution of unauthorized scripts.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install, https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 20, 2026, 04:54 PM