twd-setup
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the installation of
twd-jsandtwd-relayfrom the npm registry. These packages are authored by an untrusted third party (brikev) and are not associated with a verified organization, presenting a supply chain risk. - REMOTE_CODE_EXECUTION (HIGH): The instructions include running
npx twd-js init public, which downloads and executes arbitrary code from an untrusted package source. This bypasses typical installation safety checks and can lead to immediate machine compromise. - EXTERNAL_DOWNLOADS (HIGH): An automated scanner (URLite) flagged the domain
twd.inas a Phishing site. Although this likely results from a false positive match on the code stringtwd.init, the presence of a known malicious domain signature within setup scripts requires high-severity labeling until verified safe. - PROMPT_INJECTION (LOW): The skill creates an Indirect Prompt Injection surface by directing the creation of persistent configuration files (e.g.,
CLAUDE.md,.cursorrules). These files contain behavioral instructions that influence the reasoning of future AI agents in the same project. Evidence Chain: (1) Ingestion points:CLAUDE.md,.cursorrules,.clinerules. (2) Boundary markers: Absent. (3) Capability inventory: NPM installation, NPX execution, and Vite configuration modification. (4) Sanitization: Absent.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata