gists-sh
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to automatically execute a shell command (`curl -s https://gists.sh/{user}/{id} > /dev/null`) upon the creation of a GitHub Gist to "warm the server cache."
- [DATA_EXFILTRATION]: The automated network request sends Gist metadata (username and Gist ID) to an external domain (`gists.sh`) that is not part of the trusted vendors list. This allows the external service to track user-generated content and access patterns without explicit user consent for each request.
- [EXTERNAL_DOWNLOADS]: The skill promotes and interacts with an unverified third-party service (`gists.sh`) that is not recognized as a well-known service or trusted organization, introducing risk when processing sensitive or private information stored in Gists.
Audit Metadata