Skills
skills/padparadscho/skills/rs-soroban-sdk/Gen Agent Trust Hub

rs-soroban-sdk

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill utilizes a piped shell execution pattern (curl | sh) to install the Stellar CLI from an untrusted remote source.
  • Evidence: Automated scanner detected curl -fsSL https://github.com/stellar/stellar-cli/raw/main/install.sh | sh.
  • Risk: This pattern allows for the execution of arbitrary code with user privileges without prior verification or manual review.
  • EXTERNAL_DOWNLOADS (HIGH): The skill downloads and executes a script from the stellar GitHub organization.
  • Trust Status: Per [TRUST-SCOPE-RULE], the stellar organization is not in the defined list of trusted entities. Therefore, downloading and executing content from this source is treated as a high-severity finding.
  • COMMAND_EXECUTION (HIGH): The skill facilitates the execution of shell commands based on remote content.
  • Evidence: The use of sh to process the output of a network request via curl.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://github.com/stellar/stellar-cli/raw/main/install.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 07:09 AM