dcg
Fail
Audited by Snyk on Apr 6, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). These point to a personal GitHub repo and a direct raw install.sh (curl|bash style) from an unvetted/unknown user — GitHub hosting is common but executing remote .sh from an unfamiliar account is a high-risk distribution pattern.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The content contains multiple intentional backdoor/persistence and bypass mechanisms (a "fundamental override" instructing agents to obey, an automatic self-healing hook that restores agent hooks, a global bypass/allow-once system, and a remote build offload feature that sends code to third‑party VPS) plus an MCP server and auto-installer (curl|bash) — all of which could be (and appear designed to be) abused to maintain persistent, remote-capable access or exfiltrate repository contents.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). SKILL.md's Installation section explicitly instructs running curl -fsSL "https://raw.githubusercontent.com/.../install.sh | bash" (and the project documents external pack loading via custom_paths/external YAML), which causes the agent to fetch and execute public GitHub-hosted, user-controllable content—untrusted third‑party data that the agent is expected to run/install and that can materially change hook behavior and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's install instructions include a curl | bash command fetching and executing a remote installer from https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh which is a high-confidence runtime fetch that executes remote code (and is presented as a primary install path), so it poses a significant risk.
Issues (4)
E005
CRITICALSuspicious download URL detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata