triclaude
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill performs a
git pullfrom the GitHub repositoryyousufjoyian/triclaudeinSKILL.md. This repository is not a recognized trusted source, creating a dependency on unverified external code.\n- [REMOTE_CODE_EXECUTION] (HIGH): Content retrieved from the untrusted repository is executed directly usingpython3,nix-shell, andnpx vite. This pattern of downloading and immediately executing/building code from an unverified source allows for remote code execution if the repository is malicious.\n- [COMMAND_EXECUTION] (MEDIUM): The skill relies on extensive shell command execution for service management and system configuration, including the use ofrsyncto synchronize files and the execution of background processes.
Recommendations
- AI detected serious security threats
Audit Metadata