skills/djalmajr/skills/wiki-init/Gen Agent Trust Hub

wiki-init

Fail

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill clones a repository from https://github.com/tobi/qmd.git and executes bun install followed by bun run build. This involves executing third-party code from an unverified source at runtime.
      • Evidence is located in scripts/wiki-init.ts within the ensureManagedQmdCheckout function.
  • [EXTERNAL_DOWNLOADS]: The installation process fetches software components from an external GitHub repository.
      • Defined in scripts/wiki-init.ts via the qmdRepoUrl constant.
  • [COMMAND_EXECUTION]: The skill makes extensive use of system commands and subprocesses to perform installation and auditing tasks.
      • Uses Bun.spawn to run generated shell scripts in templates/opencode-plugin.js.tmpl.
      • Uses execFileSync to run git, bun, and bash commands in scripts/wiki-init.ts.
      • Automatically sets executable permissions on generated files using chmod 0o755.
      • Generates multiple script files from templates and stores them on the local filesystem.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 12, 2026, 09:20 PM