dcg
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill implements a piped execution pattern ('curl | bash') targeting a script hosted at 'raw.githubusercontent.com/Dicklesworthstone/'. This allows for arbitrary remote code execution without any local validation or sandboxing.
- External Downloads (HIGH): The skill references an untrusted external source. As the user 'Dicklesworthstone' is not part of the trusted organizations list, the integrity of the downloaded script cannot be verified and can be changed maliciously at any time.
- Command Execution (HIGH): Automated scans detected the use of shell command interpolation within the download URL ('$(date)'). This technique is often used to bypass caches or obfuscate request logs, and demonstrates that the skill is designed to interact directly with the underlying system shell in an unsafe manner.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh?$(date - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata