convert-to-docker
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): Automated security scanners (URLite) identified a blacklisted malicious URL within the skill's REQUIREMENTS.md file. This indicates a high risk of supply chain contamination or interaction with malicious infrastructure.
- [REMOTE_CODE_EXECUTION] (LOW): The skill utilizes 'curl | sh' to execute remote scripts from 'get.docker.com'. While the source is a recognized and trusted organization (downgrading this specific finding to LOW per security policy), the execution method itself is a high-risk pattern that bypasses integrity verification.
- [COMMAND_EXECUTION] (MEDIUM): Direct execution of unverified remote content via shell pipes represents a significant security risk, as it allows for arbitrary commands to be run with the agent's current privileges.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://get.docker.com - DO NOT USE
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata