sveltia-cms
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSNO_CODECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (CRITICAL): Automated scanners identified a malicious phishing URL (hello-world.de.md) associated with the skill's package. This is a confirmed security detection.\n- Obfuscation (MEDIUM): The keyword 'sveltia' is intentionally fragmented with multiple newlines ('svel\n\ntia') in the auto-trigger keywords section. This technique is commonly used to bypass keyword-based security filters.\n- NO_CODE (SAFE): The provided analysis context contains only a README.md file. No executable script files (e.g., init-sveltia.sh) or binary files mentioned in the documentation were provided for analysis.\n- COMMAND_EXECUTION (LOW): The documentation provides shell command snippets for user reference (e.g., Hugo and Jekyll site initialization). While the commands themselves are standard, the skill documentation references unprovided scripts intended for automated execution.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata