sync-trending

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill's primary workflow involves cloning and running third-party code from GitHub Trending. This is an unvetted source that can be manipulated by attackers to gain control of the user's machine.
  • [COMMAND_EXECUTION] (CRITICAL): The skill uses run_shell_command to execute package managers (npm install, pip install) and entry points (python main.py, npm start). These commands can execute arbitrary, malicious logic on the host system with the agent's privileges.
  • [DATA_EXFILTRATION] (HIGH): The skill explicitly gathers local context by reading README.md, package.json, and save_memory (user preferences). Combined with the ability to execute untrusted code and access the web, this creates a significant risk for secret and data theft.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill performs bulk downloads of entire repositories based on dynamic, attacker-influenced web content.
  • [PROMPT_INJECTION] (HIGH): This skill exhibits a severe Category 8 vulnerability.
      • Ingestion points: web_fetch of trending lists and git clone of third-party repositories.
      • Boundary markers: Missing for the internal analysis and execution phases.
      • Capability inventory: Full shell execution (run_shell_command) and file system access.
      • Sanitization: None. The agent processes and executes external content without any validation or sandboxing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 04:42 AM