pipes-new-indexer
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The guide contains multiple instances of downloading scripts from the internet and piping them directly into a shell for execution.
  - Evidence in `references/ENVIRONMENT_SETUP.md`: `curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash` (NVM installation).
  - Evidence in `references/ENVIRONMENT_SETUP.md`: `curl -fsSL https://bun.sh/install | bash` (Bun installation).
- [COMMAND_EXECUTION] (HIGH): The setup instructions require the execution of scripts and system modifications using `sudo`, which grants root-level access.
  - Evidence in `references/ENVIRONMENT_SETUP.md`: `sudo sh get-docker.sh` (Docker installation).
  - Evidence in `references/ENVIRONMENT_SETUP.md`: `sudo usermod -aG docker $USER` (Modifying system groups).
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on an npm package from a personal scope (`@iankressin/pipes-cli`) rather than a verified organization. This introduces a supply chain risk if the account is compromised or the package is malicious.
  - Evidence in `references/ENVIRONMENT_SETUP.md`: `npx @iankressin/pipes-cli@latest --version`.
Recommendations
- AI detected serious security threats
Audit Metadata