Skills
skills/eng0ai/eng0-template-skills/ncine-presentation/Gen Agent Trust Hub

ncine-presentation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill clones a repository from https://github.com/Eng0AI/ncine-presentation-template.git, which is not on the list of trusted GitHub organizations or repositories.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill executes pnpm install and pnpm build immediately after cloning the untrusted repository. This action allows any scripts defined in the external repository's package.json to run arbitrary code on the host machine.
  • [COMMAND_EXECUTION] (MEDIUM): The setup process involves shell commands (mv, rm, git clone) that operate on the local file system using content retrieved from an unverified remote source.
  • [DATA_EXFILTRATION] (LOW): The deployment instructions utilize $VERCEL_TOKEN. A malicious template could be designed to exfiltrate this environment variable during the pnpm install or pnpm build phases.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:10 PM