tailadmin-nextjs
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill clones code from https://github.com/Eng0AI/tailadmin-nextjs-template.git. This repository owner is not in the list of trusted sources, meaning the code being pulled into the environment is unverified and potentially malicious.
- [REMOTE_CODE_EXECUTION] (HIGH): Immediately following the clone, the skill executes pnpm install and pnpm build. NPM-style package managers execute lifecycle scripts (like preinstall or postinstall) defined in the package.json of the downloaded repository. This allows an attacker to execute arbitrary code on the host system by simply including it in the template repository.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses shell commands to delete files, move directories, and initialize git. While these are common setup steps, performing them on files sourced from an untrusted location increases the risk of accidental or malicious impact on the local environment.
Recommendations
- AI detected serious security threats
Audit Metadata