gsap-awwwards-website
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill clones a repository from 'https://github.com/Eng0AI/gsap-awwwards-website-template.git'. The 'Eng0AI' organization is not on the Trusted External Sources list, making the source unverifiable.
- REMOTE_CODE_EXECUTION (MEDIUM): By running 'npm install' and 'npm run build' on the cloned repository, the agent executes scripts defined in that repository's 'package.json'. This allows an untrusted third party to execute arbitrary code on the host system during the build process.
- COMMAND_EXECUTION (LOW): The skill executes multiple shell commands to move files, initialize git, and deploy to Vercel/Netlify. While functional, this represents a wide execution surface for scripts pulled from the internet.
- CREDENTIALS_UNSAFE (LOW): The deployment instructions suggest using '$VERCEL_TOKEN' directly in shell commands. While placeholders are used, passing sensitive tokens as command-line arguments can occasionally lead to exposure in process logs or command history.
Audit Metadata