setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill contains a direct 'curl | bash' pattern in Step 6 to install NVM (`curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash`). Piped execution of remote scripts is a high-risk vector for supply chain attacks.
- COMMAND_EXECUTION (HIGH): The skill executes multiple administrative shell commands, including `git init`, `gh repo create`, `rm -rf`, and `npx wrangler`. This level of system access could be abused to perform unintended modifications to the user's environment.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill pulls content from external GitHub repositories (`aem-growth-adoption/team-boilerplate` and `aem-growth-adoption/access-apps`). While these are specific organizational targets, they represent a dependency on external, untrusted content at runtime.
- DATA_EXFILTRATION (LOW): The skill automates the creation of private GitHub repositories and registers them in a centralized `access-apps` repository. While intended for setup, this capability could potentially be used to leak project metadata to external repositories.
- INDIRECT PROMPT INJECTION (LOW): The skill processes user-provided project names and descriptions to replace placeholders in files like `package.json` and `app.jsx`. Without sanitization, malicious input could inject unexpected code into the generated project files.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata