theme-foundation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to run
npx @basiclines/rampa. This command downloads and executes code from the npm registry. The organization '@basiclines' is not a trusted source, making this an unverifiable external dependency with remote execution capabilities.- [COMMAND_EXECUTION] (LOW): The skill constructs shell commands by interpolating user-provided input (<brand-color>). This creates a surface for indirect prompt injection or command injection if the input contains shell metacharacters. - Ingestion points: User-provided
<brand-color>in the Recipe section ofSKILL.md. - Boundary markers: Absent; there are no instructions to validate the format of the brand color or use delimiters.
- Capability inventory: Shell command execution via the
npxenvironment. - Sanitization: Absent; the brand color is directly injected into the bash command string without escaping or validation.
Audit Metadata