vite-react
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions direct the agent to clone a project from 'https://github.com/Eng0AI/vite-react-template.git'. This source is not part of the established trusted organizations or repositories list.
- COMMAND_EXECUTION (MEDIUM): The skill requires running 'npm install' and 'npm run build' on the newly cloned, untrusted content. Malicious code within the repository's 'package.json' (such as preinstall or postinstall scripts) could execute arbitrary commands on the user's system.
- CREDENTIALS_UNSAFE (LOW): The deployment commands utilize the '$VERCEL_TOKEN' environment variable. While the token itself is not hardcoded, running untrusted code in an environment where this sensitive token is present creates a risk of data exfiltration.
Audit Metadata