nexus-elements-swaps
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs the agent to download component definitions from
https://elements.nexus.availproject.org/r/swaps.json. This domain is not listed as a trusted external source.- [REMOTE_CODE_EXECUTION] (HIGH): Executingnpx shadcn@latest addwith a remote URL as the source is a form of remote code execution, as it fetches and writes code from that URL directly into the local project structure. Since the source is untrusted, this poses a high risk of supply chain attack.
Recommendations
- AI detected serious security threats
Audit Metadata