environment-setup-guide
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The automated scanner detected a pattern where a script is downloaded from 'https://get.docker.com' and executed. Executing remote scripts ('curl | bash' style) bypasses security reviews and allows an external entity to run arbitrary commands on the system.
- External Downloads (HIGH): The skill reaches out to 'get.docker.com'. While Docker is a known service, this domain is not included in the 'Trusted GitHub Organizations' or 'Trusted GitHub Repositories' whitelist defined in the security policy, making it an untrusted source for automated execution.
- Command Execution (HIGH): The use of shell commands to download and run scripts poses a significant risk of privilege escalation, as Docker installation typically requires root or sudo access to modify system services and configurations.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://get.docker.com - DO NOT USE
- AI detected serious security threats
Audit Metadata