use-s3-rustfs

Fail

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads a shell script from 'https://rustfs.com/install_rustfs.sh' and executes it using 'sudo bash'. This allows an external server to execute arbitrary commands with elevated privileges inside the VM.
  • [EXTERNAL_DOWNLOADS]: Fetches executable content and documentation from 'rustfs.com', an external domain not associated with the author or trusted providers.
  • [COMMAND_EXECUTION]: Instructs the agent to execute sensitive system commands, including 'sudo apt-get' to install software, 'sudo systemctl' to manage services, and 'sudo rm -rf' on data directories. While targeted at a VM, these commands are executed with administrative privileges.
  • [CREDENTIALS_UNSAFE]: Hardcodes default credentials ('rustfsadmin') for both the S3 access keys and the web console. While it provides a command to rotate these keys, the presence of static defaults in the instructions and example code increases the risk of insecure deployment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 24, 2026, 10:19 AM