Skills
skills/encoredev/skills/encore-getting-started/Gen Agent Trust Hub

encore-getting-started

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill uses curl | bash (Linux/WSL) and iwr | iex (PowerShell) to install the Encore CLI. This allows for immediate execution of remote code. Per the primary purpose of the skill, the severity is adjusted from CRITICAL to HIGH.
  • EXTERNAL_DOWNLOADS (HIGH): Downloaded content comes from encore.dev, which is not on the trusted sources list.
  • COMMAND_EXECUTION (MEDIUM): The skill guides the user to run CLI commands like encore run and encore test, which execute local code as part of the framework's normal operation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://encore.dev/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 05:17 PM