skills/terrylica/cc-skills/graph-easy/Gen Agent Trust Hub

graph-easy

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file references/preflight-check.md contains installation instructions that involve downloading a script from a remote URL and piping it directly into the Perl interpreter (e.g., curl -L https://cpanmin.us | ... perl -).
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool for operational tasks and setup. The references/preflight-check.md file explicitly guides the user to execute sudo commands for system package installation on Linux platforms.
  • [EXTERNAL_DOWNLOADS]: The skill's preflight documentation encourages downloading external dependencies from non-whitelisted domains, including the cpanminus installer and the Graph::Easy Perl module from CPAN.
  • [CREDENTIALS_UNSAFE]: The wrapper script scripts/graph-easy contains a hardcoded absolute file path (/Users/terryli/.local/...) which discloses a local system username, indicating a lack of portability and potential information leakage.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 28, 2026, 03:50 AM