setup

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the user to clone the hgbrian/biomodals repository. This GitHub account is not within the defined trusted organizations or repositories, making it an unverified external source.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill facilitates the execution of scripts downloaded from the unverified repository using modal run (e.g., modal_boltzgen.py). Executing unverified code from external sources is a direct path to remote code execution.
  • [COMMAND_EXECUTION] (MEDIUM): The skill requires running multiple system commands to modify the environment, including pip install, git clone, and modal setup, which creates a significant attack surface if the instructions are manipulated.
  • [CREDENTIALS_UNSAFE] (LOW): The skill suggests running modal token show to verify authentication. While used for debugging, this command displays sensitive authentication tokens in the terminal output, which could be captured by the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:29 AM