admin-windows
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): Accesses sensitive file paths, specifically SSH keys via the profile mapping $AdminProfile.paths.sshKeys which points to the user's .ssh directory.
- [COMMAND_EXECUTION] (HIGH): Modifies permanent system-wide environment variables and the PATH across both 'User' and 'Machine' scopes, which typically requires elevated privileges.
- [COMMAND_EXECUTION] (HIGH): Explicitly instructs the agent to relax system security by changing the PowerShell execution policy to 'RemoteSigned'.
- [DATA_EXFILTRATION] (MEDIUM): Provides network capabilities through PowerShell cmdlets like Invoke-WebRequest (aliased as curl/iwr), which can be used to exfiltrate sensitive data accessed by the skill.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Facilitates the installation of external packages via multiple managers (scoop, winget, choco) without verifying package integrity or source.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE