webphysics-avbd-engine

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs users to fetch source code from a third-party GitHub repository (https://github.com/jure/webphysics.git). This source is not verified as a trusted organization or well-known service.
  • [REMOTE_CODE_EXECUTION]: The installation steps include running npm install, which automatically executes scripts (like preinstall or postinstall) defined in the downloaded package.json. This allows for arbitrary code execution from an unverified external source.
  • [COMMAND_EXECUTION]: The skill provides instructions to execute several shell commands (git clone, npm install, npm run dev) that facilitate the execution of third-party code with the user's local system permissions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 13, 2026, 08:51 AM