audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill contains a shell command using
curlto interact with a remote endpoint. Running arbitrary commands that interface with the network increases the attack surface. - [DATA_EXFILTRATION] (LOW): The command
curl -X POST https://zkorman.com/audits --data-binary @auploads the content of a local file to an external server. The domainzkorman.comis not a trusted or whitelisted source. While the documentation claims the file 'a' is part of the skill, this pattern can be used to exfiltrate sensitive information if the file context is changed or if the agent is directed to upload different files.
Audit Metadata