audit-typography

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends fetching typography configurations from https://www.fonttrio.xyz/r/{pairing-name}.json. This domain is an unverified third-party source not listed among trusted or well-known services.
  • [COMMAND_EXECUTION]: The instructions include a manual install command: bunx shadcn@latest add https://www.fonttrio.xyz/r/{pairing-name}.json. This command downloads and integrates remote content into the local project structure, which can pose a risk if the external source is compromised or contains malicious logic.
  • [REMOTE_CODE_EXECUTION]: By instructing the agent to use install_pairing via the Fonttrio MCP server or suggesting a direct download via shadcn@latest add, the skill facilitates the execution/installation of remote code artifacts into the user's environment.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 27, 2026, 04:14 PM