release
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes an installation command that pipes a remote script from a personal GitHub repository directly into bash (
curl -fsSL https://raw.githubusercontent.com/guillempuche/appicons/main/scripts/install.sh | bash). This pattern executes unverified code and is a significant security risk. - [EXTERNAL_DOWNLOADS]: The skill references an external shell script for installation. Downloading and running scripts from personal external sources without integrity verification or hash checking is dangerous.
- [COMMAND_EXECUTION]: The skill instructions include shell commands that interface with the GitHub CLI to retrieve authentication tokens (
gh auth token) and manage system processes, which involves execution of shell commands for sensitive credential access.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/guillempuche/appicons/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata