ubs-scanner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill recommends installing software via 'curl | bash' from an untrusted GitHub repository ('Dicklesworthstone/ultimate_bug_scanner'). This allows arbitrary code execution on the host machine. * Evidence: Found in the 'Installation' section of SKILL.md.
- EXTERNAL_DOWNLOADS (HIGH): The skill pulls software from non-whitelisted sources, including unverified Docker images ('dicklesworthstone/ubs') and GitHub releases, violating trust boundary protocols.
- COMMAND_EXECUTION (MEDIUM): The skill executes the 'ubs' command with various flags. If the downloaded binary is malicious or compromised, this provides a direct path for system takeover.
- PROMPT_INJECTION (HIGH): High risk of indirect prompt injection (Category 8) because the skill reads external, untrusted source code and provides it to the agent for 'Code Review'. * Ingestion points: 'ubs scan ' reads external code files. * Boundary markers: Absent (no delimiters or ignore instructions for scanned content). * Capability inventory: The agent makes blocking merge decisions and suggests fixes based on tool output. * Sanitization: Absent.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/main/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata