nexus-elements-fast-bridge
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs the agent to download resources from 'https://elements.nexus.availproject.org/r/fast-bridge.json'. Since this domain is not included in the Trusted External Sources list, it is considered an untrusted source for automated code injection.
- [REMOTE_CODE_EXECUTION] (HIGH): The installation instructions utilize 'npx shadcn@latest add' with a remote URL. This process allows the remote server to specify files and executable content that are automatically integrated into the user project, creating a significant remote code execution vector.
- [COMMAND_EXECUTION] (MEDIUM): The instructions require running 'npx' commands and modifying 'components.json' based on remote configurations, which can be exploited if the remote manifest is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata