senhasegura-skill

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): Multiple CI/CD workflow files (Azure Pipelines, GitHub Actions, and GitLab CI) download a binary directly from a GitHub release of github.com/senhasegura/dsmcli without any checksum or signature verification. The download also targets the moving "latest" release rather than a pinned version, so the artifact the pipeline runs can change between builds without any change to the workflow.
    Evidence: curl -LO https://github.com/senhasegura/dsmcli/releases/latest/download/dsm-linux-amd64 in samples/ci-cd/azure-pipelines.yaml, samples/ci-cd/github-actions.yaml, and samples/ci-cd/gitlab-ci.yaml.
  • [REMOTE_CODE_EXECUTION] (HIGH): The scripts mark the downloaded binary executable and run it immediately. If the release source or the download path is compromised, whatever was served is executed in the CI runner with the pipeline's credentials; nothing in the workflow would detect a substituted binary.
    Evidence: chmod +x dsm-linux-amd64 followed by dsm --version and dsm runb across the CI/CD samples.
  • [COMMAND_EXECUTION] (HIGH): The installation step uses sudo to move the binary into a system-level directory (/usr/local/bin). This privilege escalation is unnecessary in CI environments, where a user-owned bin directory added to PATH achieves the same result without root.
    Evidence: sudo mv dsm-linux-amd64 /usr/local/bin/dsm in samples/ci-cd/azure-pipelines.yaml and samples/ci-cd/github-actions.yaml.
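The three findings above describe one install step: fetch an unpinned binary, make it executable, move it into /usr/local/bin with sudo, run it. The following shell script is an added example written for this audit page, not code from the senhasegura/dsmcli project or from the flagged samples. It shows the hardened shape of that step: pin a release tag instead of "latest", verify a SHA-256 digest before the file is ever made executable, and install into a user-owned directory without sudo. The version tag, the digest and the fake binary used in the demonstration are constructed placeholders; a real pipeline would pin the digest published for the chosen release.

```shell
#!/bin/sh
# Added example: hardened replacement for the CI install step flagged in the audit.
# Not part of senhasegura/dsmcli. DSM_VERSION and the digests below are hypothetical.
set -eu

# Pin a release tag, never "latest", so the artifact cannot silently change.
DSM_VERSION="${DSM_VERSION:-v0.0.0}"   # hypothetical placeholder tag
DSM_URL="https://github.com/senhasegura/dsmcli/releases/download/${DSM_VERSION}/dsm-linux-amd64"

# sha256_of FILE -> prints the hex SHA-256 of FILE (coreutils or BSD fallback)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED -> exit 0 if the digest matches, 1 otherwise
verify_sha256() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# fetch_dsm DEST -> download the pinned release (network; not invoked in the demo)
fetch_dsm() {
  curl -fsSL -o "$1" "$DSM_URL"
}

# install_dsm FILE EXPECTED DESTDIR -> verify, then install into a user-owned dir
# without sudo. Prints the installed path. Refuses (exit 1) on digest mismatch,
# and never sets the executable bit on an unverified file.
install_dsm() {
  file="$1"; expected="$2"; destdir="$3"
  if ! verify_sha256 "$file" "$expected"; then
    echo "checksum mismatch for $file; refusing to install" >&2
    return 1
  fi
  mkdir -p "$destdir"
  cp "$file" "$destdir/dsm"
  chmod 0755 "$destdir/dsm"
  printf '%s\n' "$destdir/dsm"
}

# Offline demonstration with a constructed stand-in for the binary.
tmp=$(mktemp -d)
printf 'constructed fake dsm binary\n' > "$tmp/dsm-linux-amd64"
pinned=$(sha256_of "$tmp/dsm-linux-amd64")          # stands in for the published digest
install_dsm "$tmp/dsm-linux-amd64" "$pinned" "$tmp/bin"
echo "tampered" >> "$tmp/dsm-linux-amd64"             # simulate a substituted download
if install_dsm "$tmp/dsm-linux-amd64" "$pinned" "$tmp/bin2" 2>/dev/null; then
  echo "tampered binary was installed; this must not happen" >&2
  exit 1
fi
echo "tampered binary correctly rejected"
```

In a real pipeline the digest is pinned in the workflow file next to the version tag, and the user-owned directory is put on PATH for later steps (on GitHub Actions, by appending it to the file named by GITHUB_PATH) instead of writing to /usr/local/bin with sudo. Running `dsm --version` only after `install_dsm` succeeds keeps the "verify before execute" ordering that the flagged samples lack.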
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:35 AM