curl-http
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of the
curlbinary to perform network requests, file transfers, and API testing. All examples use generic domains likeexample.comorapi.github.com. - [CREDENTIALS_UNSAFE]: The documentation includes examples for handling authentication (Basic Auth, Bearer Tokens, API Keys). It correctly uses placeholders such as
YOUR_TOKEN,your_api_key, andusername:passwordrather than hardcoding actual secrets. - [DATA_EXFILTRATION]: While the skill describes how to upload files and send data to remote servers via POST/PUT requests, these are presented as legitimate tool functionalities for API testing and file management. No suspicious or automated data exfiltration patterns were observed.
- [SSL_TLS_SECURITY]: The skill mentions the
-kor--insecureflag to ignore SSL certificate errors, but it explicitly includes a warning that this is "not recommended for production." - [FILE_OPERATIONS]: Examples include downloading files to the local system and uploading local files to remote servers. These are standard features of the curl utility and are presented in a purely instructional context.
Audit Metadata