Skills
skills/columnar-tech/skills/dbc/Gen Agent Trust Hub

dbc

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • Remote Code Execution (CRITICAL): The skill explicitly instructs the agent to execute remote shell and PowerShell scripts using dangerous piping patterns: curl -LsSf https://dbc.columnar.tech/install.sh | sh and irm https://dbc.columnar.tech/install.ps1 | iex. These commands download and run code from an untrusted third-party domain without any signature or checksum verification.
  • Privilege Escalation (HIGH): The installation instructions for Windows include -ExecutionPolicy ByPass, which is a specific command to override local security policies that prevent the execution of untrusted scripts.
  • Unverifiable Dependencies (HIGH): The skill promotes the installation of the dbc tool via uv and pipx from an unverified author ("Columnar"). Without being in a trusted scope, this poses a risk of supply chain attack.
  • External Downloads (LOW): The skill references external documentation from GitHub and Apache. While the documentation sites themselves are reputable, they are used here to support the use of a tool installed via untrusted methods.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://dbc.columnar.tech/install.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 05:38 AM