Skills
skills/jamie-bitflight/claude_skills/bash-logging/Gen Agent Trust Hub

bash-logging

Fail

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [PRIVILEGE_ESCALATION]: The script scripts/log_functions.sh includes a run_as_root function that attempts to use sudo to execute commands with administrative privileges if the script is not already running as root.
  • [REMOTE_CODE_EXECUTION]: The install_gum function in scripts/log_functions.sh modifies the host system's package management configuration (apt). It adds a third-party repository (https://repo.charm.sh/apt/) and installs binary software (gum). Crucially, it uses the [trusted=yes] flag, which explicitly disables GPG signature verification for that repository, exposing the system to tampered or malicious packages.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to external domains, specifically fetching a GPG key from https://repo.charm.sh/apt/gpg.key during the package installation process.
  • [COMMAND_EXECUTION]: The library provides functions such as do_step_task and log_execute_task that take arbitrary strings as input and execute them as shell commands. This capability, while intended for logging build steps, allows for the execution of any system command.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 28, 2026, 12:17 AM