data-viz-palette

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill utilizes npx @basiclines/rampa to fetch and execute a package from the npm registry. The @basiclines organization is not recognized as a trusted source, presenting a risk of supply chain attack or execution of malicious code.
  • [COMMAND_EXECUTION] (HIGH): The skill relies on executing shell commands (rampa) to generate palettes. These commands are constructed by interpolating user-provided inputs like <brand-color>. This is a significant security risk as it provides a direct path for command injection if the agent does not properly sanitize the input.
  • [REMOTE_CODE_EXECUTION] (HIGH): The combination of downloading untrusted packages via npx and providing a mechanism for command injection via shell interpolation allows for potential remote code execution on the user's machine.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:23 AM