
llm-basics

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The file SKILL.md contains the command pattern "curl -fsSL https://ollama.ai/install.sh | sh" under the 'Local Inference' section. Piping a remote script directly into a shell interpreter is a dangerous practice that allows for arbitrary code execution on the user's system without prior inspection.
  • EXTERNAL_DOWNLOADS (HIGH): The skill directs the agent to download and execute scripts from ollama.ai. This domain is not included in the 'Trusted External Sources' list provided in the security guidelines, escalating the risk of the download finding.
  • COMMAND_EXECUTION (LOW): The skill documentation includes various CLI commands for local model execution ("ollama run llama2") and API interactions, which are expected for its stated purpose but require user awareness.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://ollama.ai/install.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 09:39 AM