nexus-elements-bridge-deposit
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs users to configure a custom registry at 'https://elements.nexus.availproject.org/r/{name}.json' and download JSON configuration files from this domain. This domain is not on the trusted sources list.
- [REMOTE_CODE_EXECUTION] (HIGH): The installation instructions use 'npx shadcn@latest add' pointed at a remote URL. This command downloads code and configuration from the external source and integrates it into the local project, which can include script execution or file modifications.
- [DATA_EXFILTRATION] (SAFE): No evidence of credential theft or unauthorized data transmission was found in the provided instructions, though the downloaded code itself is unverified.
Recommendations
- AI detected serious security threats