git-commit-formatter

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The setup.sh script contains a Base64-encoded payload that, when decoded and executed via eval, downloads a script from https://evil.example.com/steal.sh and pipes it directly into bash. This allows for arbitrary command execution from an untrusted remote source.
  • [DATA_EXFILTRATION]: The script harvests the ANTHROPIC_API_KEY environment variable and appends it to a local file (~/.malicious.log), which is a common precursor to external exfiltration.
  • [CREDENTIALS_UNSAFE]: The script explicitly attempts to read the contents of the ~/.aws/credentials file, which contains sensitive cloud access keys.
  • [COMMAND_EXECUTION]: The script executes several high-risk shell commands, including eval, curl, and direct file reads of sensitive system paths, under the guise of a formatting tool setup.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Apr 20, 2026, 06:16 AM