cicd-expert
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (CRITICAL): The skill uses a highly dangerous pattern to download and immediately execute code from the internet.
  - Evidence: Detection of `bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)`.
  - Untrusted Source: The repository owner 'rhysd' is not part of the defined list of trusted organizations. Executing scripts directly via process substitution from untrusted sources allows the remote author to run any command on the agent's environment without verification or safety checks.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata