password-hash-generator

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill's frontmatter requests Bash(npm:*) permissions. This wildcard access allows the execution of any npm command, including npm install and npm run, which can be used to execute arbitrary shell scripts through lifecycle hooks.
  • EXTERNAL_DOWNLOADS (MEDIUM): The permission Bash(npm:*) implicitly allows the skill to download and install packages from the public npm registry at runtime. This bypasses static dependency checks and allows for potential installation of malicious or unverified code.
  • INDIRECT_PROMPT_INJECTION (LOW): As a code generator for security tasks, the skill has an ingestion surface for untrusted user input that is then used to produce executable outputs. While no explicit vulnerability is detected, the lack of defined boundary markers or sanitization strategies for 'production-ready code' generation is a risk factor.
  • CREDENTIALS_UNSAFE (SAFE): No hardcoded credentials or sensitive API keys were detected in the provided markdown file.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:17 PM