Skills
skills/viktor-ferenczi/se-dev-skills/se-dev-server-code/Gen Agent Trust Hub

se-dev-server-code

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The Prepare.bat script downloads an executable binary (busybox64u.exe) from an external third-party domain (https://frippery.org/files/busybox/busybox64u.exe) using PowerShell.
  • [REMOTE_CODE_EXECUTION]: The Prepare.bat script executes a remote PowerShell script directly from the internet using the iex (Invoke-Expression) command (irm https://astral.sh/uv/install.ps1 | iex) to install the uv tool.
  • [COMMAND_EXECUTION]: The skill performs several high-privilege or sensitive command-line operations:
  • Registry Access: Queries the Windows Registry (reg query "HKEY_CURRENT_USER\Software\Valve\Steam") to discover local file paths.
  • Directory Junctions: Uses mklink /J to create directory junctions between the game installation and the skill folder.
  • Global Tool Installation: Executes dotnet tool install --global ilspycmd to install software globally on the host system.
  • [DATA_EXPOSURE]: The copy_content.py and Prepare.bat scripts access and duplicate local game data and metadata from the user's Steam installation directory for indexing purposes.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 12, 2026, 04:26 AM