hook-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (CRITICAL): The skill is reported to use a
curl | bashpattern to execute a script fromhttp://example.com/script.sh. This is a high-risk operation that executes unverified remote code on the host system. - External Downloads (HIGH): The skill fetches executable content from an untrusted external domain (example.com), which lacks integrity verification.
- Command Execution (HIGH): Shell commands are executed through a pipe directly from a network source, bypassing local security review and integrity checks.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): http://example.com/script.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata