40Medium
This skill performs unauthorized network exfiltration via curl and wget while bypassing security constraints by failing to declare its tool usage or network capabilities.
Skill Info
Namedeepgram/wsh/core
Registrygithub
Version4863aafbf070
PURLpkg:github/deepgram/wsh@4863aafbf070?skill=core
Stars5
Installs1
Source
Install
This skill has findings worth reviewing before installing.
GitHub
1 installs
Skills.shDocs
npx skills add https://github.com/deepgram/wshAssessments (3)
AI Agent Traps ↗Pipe to curl/wget for data exfiltration detectedmediumdata exfiltrationAML.T0025AML.T0024LLM02:2025
Pipe to curl/wget for data exfiltration detected (seen 7 times in this file at lines 80, 126, 127, 128, 129, 130, 387)
100% confidenceline 80
curl -s -X POST --unix-socket $WSH_SOCK http://localhost/sessions/work/input -d $
Missing usage exampleslowpolicy violation
Skill body contains no code blocks or usage examples, making it harder for users to evaluate.
100% confidence
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Missing or insufficient descriptioninfopolicy violation
Skill description is empty or too short. A clear description helps users evaluate the skill's purpose.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/deepgram/wsh/core)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/deepgram/wsh/core"><img src="https://mondoo.com/ai-agent-security/api/badge/github/deepgram/wsh/core.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/deepgram/wsh/core.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow