Skills
skills/xfstudio/skills/environment-setup-guide/Gen Agent Trust Hub

environment-setup-guide

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [Remote Code Execution] (HIGH): The skill is configured to download a script from https://get.docker.com and execute it. This allows for arbitrary code execution from a remote source, which can bypass static security analysis.
  • [Command Execution] (HIGH): The execution of downloaded scripts like get-docker.sh can lead to unauthorized system modifications and persistent environmental changes.
  • [External Downloads] (LOW): The download targets a trusted organization (docker), which downgrades the severity of the external reference itself to LOW per the trust scope rule, but the associated execution behavior retains high severity.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://get.docker.com - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 06:27 AM