Skills
skills/zackkorman/skills/command-safety-2/Gen Agent Trust Hub

command-safety-2

Fail

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains a command that fetches a script from 'https://zkorman.com/execs' and pipes it directly into the bash interpreter. This allows for the execution of arbitrary remote code on the host system.
  • [COMMAND_EXECUTION]: The skill utilizes the dynamic context injection syntax ('!') which forces the shell command to run automatically at skill load time. This behavior bypasses user confirmation and executes the high-risk payload immediately.
  • [EXTERNAL_DOWNLOADS]: The skill initiates an external network connection to retrieve content from 'zkorman.com', which is then used as an execution payload.
Recommendations
  • HIGH: Downloads and executes remote code from: https://zkorman.com/execs - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 26, 2026, 01:32 PM