Skills
skills/eng0ai/eng0-template-skills/dillion-portfolio/Gen Agent Trust Hub

dillion-portfolio

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill performs a git clone from https://github.com/Eng0AI/portfolio-template.git. This GitHub user is not in the trusted scope, meaning the downloaded content has not been pre-verified for safety.
  • REMOTE_CODE_EXECUTION (MEDIUM): The instructions include running pnpm install and pnpm build on the downloaded content. This is a significant risk because package.json lifecycle scripts (like preinstall or postinstall) in the untrusted repository could execute arbitrary code during the installation process.
  • COMMAND_EXECUTION (LOW): The deployment process involves executing shell commands with sensitive environment variables like $VERCEL_TOKEN. While this is standard for CI/CD workflows, it presents a potential exposure risk if the environment is not properly secured or if the CLI tools are substituted with malicious versions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 12:38 AM