taxue-upgrade

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches version metadata and clones source code from external URLs associated with the author.
      * Evidence: Uses curl to retrieve the version from https://raw.githubusercontent.com/taxueseek/taxueskills/main/VERSION.
      * Evidence: Uses git clone to download repository content from https://github.com/taxueseek/taxueskills.git.
  • [REMOTE_CODE_EXECUTION]: The upgrade logic involves downloading scripts from a remote repository and replacing local skill files, which can change the agent's core instructions and behavior.
      * Evidence: Clones a remote repository and uses cp -r to overwrite existing directories in the user's skill paths.
  • [COMMAND_EXECUTION]: Utilizes various shell commands to manipulate the local file system and suggests modifications to the system's task scheduler.
      * Evidence: Executes rm -rf on directories matching the taxue* pattern during the update process.
      * Evidence: Recommends adding a find command to the user's crontab to automatically delete old backup directories.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Apr 9, 2026, 06:30 PM