nexus-elements-unified-balance
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill configures a custom registry and downloads components from https://elements.nexus.availproject.org/r/unified-balance.json. This domain is not on the trusted list, meaning the integrity of the downloaded content cannot be automatically verified.
- [COMMAND_EXECUTION] (MEDIUM): Execution of 'npx shadcn@latest add' pointed at a remote third-party URL allows the tool to write files and install arbitrary dependencies defined in the remote JSON manifest.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The manual installation instructions describe a process of downloading a JSON manifest and creating local files based on its 'content' field. This effectively allows the remote source to inject arbitrary code into the project structure.
Audit Metadata