istio-expert
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill uses a piped execution pattern (`curl | sh`) to download and run a script directly from a remote URL.
  - Evidence: `curl -L https://istio.io/downloadIstio | sh` was detected.
  - Risk: This pattern is highly dangerous as it allows the remote server to execute arbitrary commands on the agent's host environment. If the source or the connection is compromised, it leads to full system takeover. The domain istio.io is not on the predefined list of trusted sources for automated execution.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill attempts to fetch software from an external domain without cryptographic verification or pinning.
  - Evidence: Download from `https://istio.io/downloadIstio`.
  - Risk: Unverifiable dependencies introduce supply chain risks where malicious code can be injected during the download process.
Recommendations
- HIGH: Downloads and executes remote code from: https://istio.io/downloadIstio - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata