Skills
skills/vectorize-io/hindsight/hindsight-docs/Gen Agent Trust Hub

hindsight-docs

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: In references/sdks/cli.md, the installation guide recommends executing a remote script via curl -fsSL https://hindsight.vectorize.io/get-cli | bash. This pattern is highly susceptible to supply chain attacks. Furthermore, the domain vectorize.io used in the URL contains a character substitution (using a dot instead of a hyphen) when compared to the author's verified naming patterns (vectorize-io), which is a known indicator of potential typosquatting or impersonation.
  • [COMMAND_EXECUTION]: The documentation in references/developer/admin-cli.md and references/sdks/cli.md details administrative commands (hindsight-admin backup, restore, decommission-workers) that possess significant system permissions. These tools can perform bulk data deletion, database schema migrations, and environment state overrides.
  • [EXTERNAL_DOWNLOADS]: Files such as references/developer/installation.md and references/developer/models.md describe the automated retrieval of embedding and reranking models (e.g., BAAI/bge-small-en-v1.5) from HuggingFace's public infrastructure.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 05:36 AM