hasura-graphql-engine
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: CRITICAL, REMOTE_CODE_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (CRITICAL): The skill utilizes a dangerous 'curl | bash' pattern to execute a script from an external, untrusted URL.
- Evidence: The automated scan detected the command:
  curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | bash
- Risk Analysis: Piped execution of remote scripts is a high-risk vector that allows arbitrary commands to run on the host machine without any verification or oversight. The 'hasura' organization is not listed in the trusted scope providers.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata