First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
8
Score
35/100
Findings (8)
Detects downloading scripts piped directly to a shell interpreter
curl -fsSL https://raw.githubusercontent.com/jacob-bd/universal-skills-manager/main/install.sh | shDownload the script first, inspect it, verify its checksum, then run it. Do not pipe curl/wget output directly to sh/bash. Prefer package manager installs.
Likely FP if the download is from a well-known installer domain (e.g., brew.sh, rustup.rs), though this pattern is inherently risky even with trusted sources.
Detects patterns of downloading and piping to shell execution
curl -fsSL https://raw.githubusercontent.com/jacob-bd/universal-skills-manager/main/install.sh | shDownload the file first, verify its integrity (checksum, signature), inspect it, then run it. Prefer package managers over raw downloads. Never fetch-and-run in one step.
Likely FP if the target is a well-known installer (e.g., rustup, Homebrew) from its canonical HTTPS domain, though the pattern is inherently risky.
Detects skills fetching external URLs to use as runtime instructions
curl -fsSL https://raw.githubusercontent.com + promptsPin the downloaded resource to a specific version or commit hash, and verify its integrity with a checksum (SHA-256). Avoid fetching scripts or binaries from arbitrary URLs at runtime.
Likely FP if the download URL points to a well-known CDN or package registry (e.g., npmjs.com, pypi.org) and is pinned to a specific version.
Detects chained commands using shell operators with dangerous operations
curl -fsSL https://raw.githubusercontent.com/jacob-bd/universal-skills-manager/main/install.sh | shBreak chained commands into discrete, individually validated steps. Avoid piping untrusted output directly into a shell interpreter.
Likely FP if the matched text is a documentation example showing a common installer one-liner for a well-known tool with a canonical URL.
Detects references to raw.githubusercontent.com on mutable branches like main/master
raw.githubusercontent.com/jacob-bd/universal-skills-manager/main/Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.
Detects patterns where external API responses are used directly without validation or sanitization
API response + without a specific query, useValidate and sanitize all data received from external APIs before using it in tool operations or agent prompts. Implement schema validation and treat API responses as untrusted input.
Likely FP if the match is a truncated table cell or documentation fragment that mentions API responses in a descriptive context, not actual unvalidated data processing.
Detects URLs fetched at runtime that control or influence agent behavior without pinning
get one at https:// + configAvoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.
Detects fetching remote documentation or code to load as agent context
curl -X GET + https://raw.githubusercontent.com/{user}/{repo}/{branch}/{path}/SKILL.mdPin the SDK or script to a specific version and verify its checksum after download. Prefer installing SDKs via a package manager instead of fetching remote scripts directly.
Likely FP if the match is documentation showing how to install an official SDK (e.g., Google Cloud SDK, AWS CLI) from its canonical URL.