hetzner-infra
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads the hcloud CLI from 'github.com/hetznercloud'. This organization is not on the Trusted GitHub Organizations list, making the source unverified.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill uses 'curl | tar' to download and extract a binary from an unverified source, which is a high-risk pattern for executing potentially malicious code.
- [COMMAND_EXECUTION] (HIGH): The instruction to use 'sudo mv' to move the unverified binary into '/usr/local/bin/' represents a privilege escalation risk, as it installs untrusted code into a system-wide execution path.
Recommendations
- AI detected serious security threats