skaffold-standards
Fail
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install a tool using the command 'curl -sfS https://dotenvx.sh | sh'. This is a high-risk pattern that pipes an unverified script from a remote server directly into the system shell, where it is executed.
- [EXTERNAL_DOWNLOADS]: The skill downloads the installation script from 'https://dotenvx.sh', which is an external domain not recognized as a trusted organization or well-known service in the security policy.
- [COMMAND_EXECUTION]: The skill provides instructions to modify the user's shell configuration file ('~/.zshrc') to store environment variables and includes a bash script ('generate-secrets.sh') that programmatically creates Kubernetes secret manifests containing potentially sensitive information.
Recommendations
- HIGH: Downloads and executes remote code from: https://dotenvx.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata