Skills
skills/eng0ai/eng0-template-skills/py-intro/Gen Agent Trust Hub

py-intro

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill clones a repository from an untrusted source: https://github.com/Eng0AI/py-intro-template.git. This source does not belong to the list of trusted GitHub organizations or repositories.
  • [REMOTE_CODE_EXECUTION] (HIGH): Executing pnpm install immediately after cloning an untrusted repository allows any malicious lifecycle scripts (e.g., preinstall, postinstall) defined in that repository's package.json to execute on the local machine.
  • [COMMAND_EXECUTION] (MEDIUM): The skill performs multiple shell operations including file moving, deletion, and deployment commands (vercel, netlify). While functional, these operations are performed on untrusted code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:09 PM