sales-operations-setup
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (CRITICAL): The README documentation explicitly recommends a 'One-Line Install' method: `curl -fsSL https://raw.githubusercontent.com/thierryteisseire/business_skills/main/install-skill.sh | bash`. This pattern downloads and executes a shell script from an untrusted GitHub repository directly into the user's shell, which is a confirmed remote code execution vector.
- [REMOTE_CODE_EXECUTION] (HIGH): The `package.json` file is configured with `install` and `postinstall` hooks that automatically execute `install.js`. This ensures that arbitrary JavaScript code is run on the host machine as soon as the package is installed via npm, posing a significant risk if the package source is not trusted.
- [COMMAND_EXECUTION] (HIGH): The installation scripts (`install.js` and `install.sh`) perform intrusive and potentially harmful file system operations. They create hidden application directories (`~/.agents`, `~/.claude`), copy files using the `force` flag, and manage symlinks within the user's home directory. The shell script version also uses `rm -rf` on target directories, which could lead to unintended data loss if paths are misconfigured.
- [DATA_EXPOSURE] (LOW): The installer scripts systematically access the user's home directory path to determine installation targets. While functional for an installer, this pattern reveals environment details to an untrusted script.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/thierryteisseire/business_skills/main/install-skill.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata