nextjs-supabase

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill performs a git clone from an untrusted repository: https://github.com/Eng0AI/nextjs-supabase-template.git. This source is not on the list of trusted organizations or repositories.
  • REMOTE_CODE_EXECUTION (HIGH): Following the download, the skill executes npm install. This command automatically runs any install scripts or lifecycle hooks defined in the downloaded package.json, allowing the untrusted code to execute with the user's local privileges.
  • COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to run build and development commands (npm run build, npm run dev), which execute arbitrary scripts defined in the external, untrusted template.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:04 PM