Skills
skills/mckinsey/agents-at-scale-ark/ark-vulnerability-fixer/Gen Agent Trust Hub

ark-vulnerability-fixer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (CRITICAL): The skill contains a command that fetches data from an external URL and pipes it directly into python3 for execution. This is a highly dangerous pattern that allows for arbitrary code execution on the host system.
  • Evidence: curl -s "https://cve.circl.lu/api/cve/CVE-2025-55183" | python3.
  • Analysis: The source domain cve.circl.lu is not within the defined [TRUST-SCOPE-RULE] whitelist. Even if the domain is associated with a legitimate organization, the execution of unvalidated remote content via a shell pipe is a critical security violation. An attacker controlling the API response could execute any command with the permissions of the agent process.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://cve.circl.lu/api/cve/CVE-2025-55183 - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 12:05 PM