Skills
skills/patricio0312rev/skills/dev-onboarding-builder/Gen Agent Trust Hub

dev-onboarding-builder

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill uses the pattern curl https://get.volta.sh | bash to download and immediately execute code from the internet. This is a significant security risk because it bypasses any opportunity for code review or integrity verification.
  • EXTERNAL_DOWNLOADS (HIGH): The source domain get.volta.sh is not listed as a trusted repository or organization according to the security policy. Remote execution from untrusted sources is treated as a high-severity finding.
  • COMMAND_EXECUTION (HIGH): Piped shell execution allows a remote script to run any command with the privileges of the agent, potentially leading to full system compromise.
Recommendations
  • HIGH: Downloads and executes remote code from: https://get.volta.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:00 PM