nexus-elements-deposit

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The installation instructions require downloading registry files from https://elements.nexus.availproject.org/r/deposit.json. This domain is not recognized as a trusted source, posing a potential supply chain risk.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Using npx shadcn@latest add with a remote URL allows for the execution of configuration scripts and the writing of arbitrary files to the local project based on the contents of the remote JSON. This is a vector for unverified remote code execution.
  • [COMMAND_EXECUTION] (LOW): The skill documentation suggests the execution of npx commands. While common in web development, an agent blindly executing these shell commands without human validation could be exploited if parameters are manipulated.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 08:39 AM