npm-git-install
Fail
Audited by Snyk on Mar 6, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill explicitly shows and instructs embedding Personal Access Tokens directly in git HTTPS URLs (and even includes a ghp_ token placeholder), which encourages the LLM to emit secret values verbatim in commands — an unsafe credential-handling pattern.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). Although many links point to official documentation and GitHub, the skill explicitly instructs installing arbitrary Git repositories (which can run build/prepare scripts and install binaries) and even includes a URL with an embedded ${GITHUB_TOKEN} — making it possible to distribute malicious code or leak credentials if the repos or tokens are untrusted.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs installing packages directly from GitHub via git+https/git+ssh URLs (e.g., "npm install git+https://github.com/...") and notes that the workflow will git-clone and run package prepare scripts, meaning the agent/runtime would fetch and execute arbitrary, user-generated repository content from GitHub.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill contains explicit runtime install commands that fetch and run remote repository code (e.g., npm install git+https://github.com/JEO-tech-ai/supercode.git#main), which causes a git clone and may run package prepare/build scripts, thus fetching and executing remote code at runtime.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The guide instructs global npm installs that write to system locations (e.g., /usr/local), includes sudo commands (sudo chown, sudo apt-get install git) and steps that modify system-level files and credentials, so it can change the machine state and requires elevated privileges.
Audit Metadata