setup-workflow-skills

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file SKILL.md instructs the agent to execute a script using the curl | bash pattern: curl -fsSL https://raw.githubusercontent.com/gastownhall/beads/main/scripts/install.sh | bash. This allows for unverified remote code execution from an untrusted source.
  • [EXTERNAL_DOWNLOADS]: The skill downloads an installation script and multiple markdown templates from the gastownhall GitHub repository, which is not identified as a trusted vendor or well-known technology service.
  • [COMMAND_EXECUTION]: The skill directs the agent to run various system and tool commands, including binary detection with command -v bd, tool initialization with bd init, and repository state management using git add, git commit, and git push.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/gastownhall/beads/main/scripts/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 8, 2026, 05:56 PM