awwwards-landing-page
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill clones a template from an untrusted source:
https://github.com/Eng0AI/awwwards-landing-page-template.git. This repository is not from a trusted organization and has not been verified. - REMOTE_CODE_EXECUTION (HIGH): The instruction to run
npm installimmediately after cloning an untrusted repository is a critical risk. Maliciouspreinstallorpostinstallscripts in thepackage.jsonof the external repo can execute arbitrary code on the host machine. - INDIRECT_PROMPT_INJECTION (HIGH): 1. Ingestion points: Repository content from
Eng0AI/awwwards-landing-page-template.git. 2. Boundary markers: Absent. 3. Capability inventory: Shell command execution (git,mv,rm), package installation (npm install), and deployment (vercel,netlify). 4. Sanitization: None. The skill processes external data and provides it with execution capabilities, creating a significant attack surface. - COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell commands to manipulate files and deploy to cloud providers. It also relies on the
$VERCEL_TOKENenvironment variable, which could be exposed if command history or agent logs are not secured.
Recommendations
- AI detected serious security threats
Audit Metadata