up-deps
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- External Downloads (HIGH): The skill uses `npx` to download and execute `taze` and `@antfu/ni` from the npm registry. Since the author/organization `antfu-collective` is not on the trusted sources list, this is classified as a high-risk remote download and execution pattern.
- Remote Code Execution (HIGH): The skill executes `npx taze --install` and `npx @antfu/ni`. These commands trigger package manager installation processes which execute arbitrary lifecycle scripts (e.g., `preinstall`, `postinstall`) defined in `package.json`.
- Indirect Prompt Injection (HIGH): This skill exhibits a significant vulnerability surface.
  1. Ingestion points: Reads project `package.json` files using `cat` and `find` in `SKILL.md`.
  2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the files being read.
  3. Capability inventory: Possesses file-write capabilities (`--write`) and arbitrary command execution through package installation (`--install`).
  4. Sanitization: None; the skill does not validate or sanitize the contents of `package.json` before processing them.

  An attacker who can influence a project's `package.json` could execute malicious code when the agent runs this skill.
Recommendations
- AI detected serious security threats
Audit Metadata