Skills
skills/monkey1sai/openai-cli/dev-onboarding-builder/Gen Agent Trust Hub

dev-onboarding-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The automated scan detected 'curl https://get.volta.sh | bash'. This pattern is a critical security risk as it executes unverified code from the internet directly on the host system with the privileges of the running process.
  • External Downloads (HIGH): The domain 'get.volta.sh' is not listed as a trusted external source. Under the [TRUST-SCOPE-RULE], this cannot be downgraded to a lower severity.
  • Command Execution (HIGH): The use of piped shell execution allows for immediate system modification, potentially including persistence or unauthorized environment changes.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://get.volta.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 08:47 PM