ai-sdr-agent
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill clones a repository from an untrusted GitHub account (https://github.com/eNNNo/liveavatar-ai-sdr.git). The source is not among the trusted organizations and the repository contents are unverified.
- [REMOTE_CODE_EXECUTION] (HIGH): Immediately after cloning, the skill executes `npm install` and `npm run dev` on the third-party code. This allows for arbitrary code execution on the user's host machine during the installation and execution phases.
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes the Bash tool to perform system-level operations, including writing environment variables to `.env.local` and managing directory structures.
- [DATA_EXFILTRATION] (MEDIUM): While no explicit exfiltration logic is visible in the skill script, it requires a sensitive 'LiveAvatar API Key' and places it into an environment file accessible by the unverified external code, creating a high risk of credential theft.
Recommendations
- AI detected serious security threats
Audit Metadata