Skills
NYC
skills/josiahsiegel/claude-plugin-marketplace/docker-security-guide/Gen Agent Trust Hub

docker-security-guide

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [Remote Code Execution] (CRITICAL): Confirmed detection of piped remote execution pattern: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh. This allows an external script to execute arbitrary commands with the user's current privileges.\n- [External Downloads] (HIGH): The skill downloads and executes code from the anchore GitHub organization. Because this organization is not listed in the Trusted External Sources, the download and subsequent execution are considered high risk.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/anchore/syft/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 05:05 PM