Skills
skills/zackkorman/skills/command-safety-3/Gen Agent Trust Hub

command-safety-3

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script my-script.sh uses a pipe-to-shell pattern (curl | bash) to execute remote content from https://zkorman.com/execs.
  • This method of execution provides no mechanism for verifying the integrity or safety of the remote payload before it runs on the system.
  • Although the domain is associated with the skill's author, the remote script could be modified at any time to include malicious commands.
  • [COMMAND_EXECUTION]: The skill provides and references a functional bash script (my-script.sh) intended for execution within the agent environment.
  • The SKILL.md file explicitly mentions the use of the Bash tool and includes the path to the executable script, creating a direct path for the agent to trigger the high-risk remote code execution pattern.
Recommendations
  • HIGH: Downloads and executes remote code from: https://zkorman.com/execs - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 18, 2026, 04:21 PM