auth0-angular
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The bash script in `references/setup.md` downloads an installation script from `https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh` and pipes it directly into the shell (`sh`). This enables arbitrary remote code execution from a source not on the trusted organizations list.
- [COMMAND_EXECUTION] (MEDIUM): The setup script in `references/setup.md` executes system-level commands, including `brew install`, and attempts to write to `/usr/local/bin`, which may require elevated permissions.
- [EXTERNAL_DOWNLOADS] (LOW): The skill directs users to install the `@auth0/auth0-angular` npm package. While standard for this integration, it represents an external dependency.
- [PROMPT_INJECTION] (LOW): Indirect injection surface detected.
  1. Ingestion: Untrusted user profile data is handled via the `user$` observable in `SKILL.md` and `references/api.md`.
  2. Boundary markers: Employs Angular's `{{ }}` template interpolation.
  3. Capability: The skill provides local shell execution logic in `references/setup.md`.
  4. Sanitization: Relies on Angular's built-in HTML sanitization.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets were found; the skill appropriately uses placeholders like `your-client-id` and `your-tenant.auth0.com` for configuration.
Recommendations
- AI detected serious security threats
Audit Metadata