ohmyzsh-p10k
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill and its installation script execute a remote shell script using 'sh -c "$(curl ...)"'. This is an unverified execution pattern from a source (ohmyzsh) that is not on the trusted organization list.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads multiple themes and plugins from various GitHub repositories (zsh-users, romkatv, mbadolato, powerline) that are not recognized as trusted sources, posing a supply chain risk.
- [COMMAND_EXECUTION] (LOW): The script performs persistent modifications to the user's shell environment by editing ~/.zshrc using sed and perl, and installs system packages via Homebrew.
Recommendations
- AI detected serious security threats
Audit Metadata