mantis-react-admin
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill performs a 'git clone' from an untrusted source: https://github.com/Eng0AI/mantis-react-admin-template.git. The organization 'Eng0AI' is not a recognized trusted source, making the integrity of the downloaded code unverifiable.
- REMOTE_CODE_EXECUTION (HIGH): Following the clone, the skill executes 'yarn install' and 'yarn start'. Node.js package managers can execute arbitrary code during the installation phase via 'preinstall' or 'postinstall' scripts defined in the cloned repository's package.json.
- CREDENTIALS_UNSAFE (LOW): The deployment section uses '$VERCEL_TOKEN'. While using environment variables is standard practice, the skill's context involving untrusted code execution increases the risk of this token being exfiltrated if the cloned repository contains malicious logic.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from an external repository that could influence the agent's behavior if it parses documentation or code within that repo.
  - Ingestion points: Repository content via git clone (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: yarn install, yarn start, vercel deploy.
  - Sanitization: Absent.
Recommendations
- AI detected serious security threats