get-started
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill provides instructions to run 'cookiecutter gh:keboola/cookiecutter-python-component'. This involves downloading a template from a GitHub repository ('keboola') that is not included in the 'Trusted GitHub Organizations' list defined in the security policy.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Cookiecutter templates can contain 'pre_gen_project.py' or 'post_gen_project.py' hooks which are arbitrary Python scripts that execute automatically during the project creation process. Recommending the execution of a template from an unverified external source poses a risk of remote code execution on the user's environment.
Audit Metadata