Skills
skills/psylch/ghostty-vibe-coding-stack/configuring-ghostty-vibe-stack/Gen Agent Trust Hub

configuring-ghostty-vibe-stack

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads and executes scripts directly from the internet via shell pipes.
  • Downloads and executes the Homebrew installation script using curl | bash from raw.githubusercontent.com/Homebrew/install/HEAD/install.sh.
  • Downloads and sources the Fisher plugin manager using curl | source from raw.githubusercontent.com/jorgebucaran/fisher/main/functions/fisher.fish.
  • [COMMAND_EXECUTION]: The skill executes privileged commands and performs runtime code compilation.
  • Uses sudo tee -a /etc/shells to modify system configuration files, allowing the Fish shell to be used as a login shell.
  • Generates, compiles, and executes a Swift script (/tmp/set_default_terminal.swift) at runtime to change the system-level default terminal handler for executable files.
  • [EXTERNAL_DOWNLOADS]: The skill fetches code and packages from various third-party sources.
  • Clones the Neovim configuration repository from https://github.com/LazyVim/starter.
  • Installs a wide range of CLI tools, fonts, and binaries through Homebrew package manager and Homebrew Casks.
  • Installs Fish shell plugins directly from user-owned repositories (e.g., IlanCosman/tide).
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 03:38 PM