ai-chatbot

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill clones a repository from an unverified GitHub account ('https://github.com/Eng0AI/ai-chatbot-template.git'). The source has not been vetted and may contain malicious content.
  • REMOTE_CODE_EXECUTION (HIGH): Running 'pnpm install' and 'pnpm db:migrate' immediately after cloning an untrusted repository executes code the repository controls: lifecycle hooks declared in its package.json (and, depending on the pnpm version and its settings, those of its dependencies) run during install, and 'db:migrate' runs whatever command the repository defines under that script name.
  • COMMAND_EXECUTION (MEDIUM): The skill performs automated deployment steps with the 'vercel' and 'netlify' CLI tools, using shell pipes and environment-variable manipulation; if the cloned repository influences those inputs, the deployment commands can be hijacked.
  • CREDENTIALS_UNSAFE (MEDIUM): The skill handles highly sensitive credentials, including 'POSTGRES_URL', 'OPENAI_API_KEY' and 'VERCEL_TOKEN'. The deployment script iterates through '.env' files and pushes these secrets to external cloud providers.
  • TIME-DELAYED / CONDITIONAL ATTACKS (MEDIUM): The instruction 'Never run pnpm dev in VM environment' is suspicious: anti-VM checks are a common technique malware uses to evade security sandboxes and analysis environments, and this instruction steers the user away from exactly the isolated environment in which an untrusted repository should first be run. The finding is inferred from the instruction text rather than from observed environment-detection code.
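The REMOTE_CODE_EXECUTION and CREDENTIALS_UNSAFE findings above both come down to one question a reviewer should answer before typing 'pnpm install': what would run, and what would leave the machine? The following script is an added example written for this page; it is not the skill's code, not the audited repository's code, and not part of the Gen Agent Trust Hub report. It reads a package.json and a .env file as text, lists the lifecycle hooks that 'pnpm install' would execute and the command behind 'pnpm db:migrate', and lists the .env key names (never the values) that a deploy step would push. The package.json and .env contents embedded below are constructed samples, not the contents of 'ai-chatbot-template'.

```python
"""Pre-run review of a cloned Node.js project.

Lists what `pnpm install` and `pnpm db:migrate` would execute and which
.env keys a deploy step would push, without running any of it.
This is an illustrative example, not the audited skill's own code.
"""
import json
import re

# Lifecycle hooks that pnpm/npm run automatically for the root project
# during `install`.
LIFECYCLE_HOOKS = {
    "preinstall", "install", "postinstall",
    "preprepare", "prepare", "postprepare", "prepublish",
}

# Key-name markers that usually mean "secret". URL is included because
# connection strings such as POSTGRES_URL typically embed a password.
SECRET_MARKERS = ("KEY", "TOKEN", "SECRET", "PASS", "URL")

# `KEY=value` or `export KEY=value`; comments and blank lines do not match.
_ENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=")


def install_time_scripts(package_json: str) -> dict:
    """Return {hook: command} for every lifecycle hook in the root package.json.

    Everything returned here runs as soon as `pnpm install` is invoked.
    """
    scripts = json.loads(package_json).get("scripts", {})
    return {name: cmd for name, cmd in scripts.items() if name in LIFECYCLE_HOOKS}


def script_command(package_json: str, name: str):
    """Return the shell command behind `pnpm <name>`, or None if undefined."""
    return json.loads(package_json).get("scripts", {}).get(name)


def env_keys(dotenv_text: str) -> list:
    """Return the variable names defined in a .env file, in file order.

    Only names are collected; values are never read into the report.
    """
    keys = []
    for line in dotenv_text.splitlines():
        m = _ENV_LINE.match(line)
        if m:
            keys.append(m.group(1))
    return keys


def sensitive_keys(keys) -> list:
    """Filter key names that look like credentials."""
    return [k for k in keys if any(marker in k.upper() for marker in SECRET_MARKERS)]


def review(package_json: str, dotenv_text: str, migrate_script: str = "db:migrate") -> dict:
    """Assemble the report a reviewer reads before running install or deploy."""
    keys = env_keys(dotenv_text)
    return {
        "runs_on_install": install_time_scripts(package_json),
        "runs_on_migrate": script_command(package_json, migrate_script),
        "env_keys": keys,
        "secrets_pushed": sensitive_keys(keys),
    }


# Constructed sample inputs: plausible shapes of a package.json and a .env,
# not the contents of any real repository.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "sample-chatbot",
    "scripts": {
        "dev": "next dev",
        "build": "next build",
        "postinstall": "node scripts/setup.js",
        "db:migrate": "tsx lib/db/migrate.ts",
    },
})

SAMPLE_DOTENV = """# constructed example .env
POSTGRES_URL=postgres://user:pass@db.example.invalid/app
OPENAI_API_KEY=sk-example
export VERCEL_TOKEN=vercel-example
NEXT_PUBLIC_APP_NAME="Sample Chatbot"
"""

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_PACKAGE_JSON, SAMPLE_DOTENV), indent=2))
```

On the constructed sample the report shows one hook ('postinstall') that would run unreviewed on install, the migration command that 'pnpm db:migrate' would execute, and three of the four .env keys flagged as credentials. In practice, run this against the freshly cloned checkout, read the listed scripts, and if you still want the dependencies before finishing that review, install with 'pnpm install --ignore-scripts' so no hook runs until you have decided to let it.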
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:07 PM