Skills
skills/fiberplane/claude-code-plugins/fp-plan/Gen Agent Trust Hub

fp-plan

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): Detected execution of a remote script using curl | sh. The URL https://setup.fp.dev/install.sh is fetched and piped directly into a shell, which bypasses all security reviews and allows the remote server to execute any command on the user's system.
  • External Downloads (HIGH): The domain setup.fp.dev is not on the list of trusted external sources. Executing content from unverified domains is a severe security risk.
Recommendations
  • HIGH: Downloads and executes remote code from: https://setup.fp.dev/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:14 PM