Skills
skills/levino/shipyard-pocketbase-app-template/create-collection/Gen Agent Trust Hub

create-collection

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The provided script template contains hardcoded superuser credentials ('admin@test.local' and 'testtest123') used to authenticate with the PocketBase instance. Hardcoding credentials in automation scripts is a high-risk practice.
  • [COMMAND_EXECUTION] (MEDIUM): The instructions require the agent to generate a local JavaScript file and execute it using the 'node' command. This pattern of dynamic code generation and execution poses a risk of command injection if the input used to generate the script is not properly sanitized.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill depends on the 'pocketbase' Node.js package, which involves fetching code from the external npm registry at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:31 PM