smart-port-allocation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to run `npx -y @lionad/port-key`, which fetches a package from the public npm registry and executes it at runtime. `@lionad/port-key` is not from a trusted publisher (e.g., Vercel, Anthropic, Google), so a compromise of the package or its maintainer account becomes a supply-chain attack on the agent.
- REMOTE_CODE_EXECUTION (HIGH): Using `npx` to execute code that is neither present locally nor version-pinned allows arbitrary code to run in the agent's environment; whatever version the registry serves at that moment is what executes.
- COMMAND_EXECUTION (HIGH): The skill performs shell-level command execution to generate ports and check for conflicts (e.g., `lsof`, `netstat`, `npx`).
- INDIRECT_PROMPT_INJECTION (HIGH): The skill is vulnerable to command injection through the project-name input.
  - Ingestion points: project names supplied by the user (as seen in `SKILL.md` and `references/port-key.md`).
  - Boundary markers: absent. The skill instructions show the project name being passed directly as a shell argument: `npx -y @lionad/port-key "<project-name>"`.
  - Capability inventory: execution of `npx`, `lsof`, `netstat`, and modification of `~/.port-key/config.json`.
  - Sanitization: absent. The instructions suggest the agent "extract initials", but nothing hard-constrains the value, so a malicious project name such as `my-project"; touch /tmp/pwned; "` closes the quoted argument and the remainder is executed as shell commands.
- DATA_EXPOSURE (LOW): The skill accesses the user's home directory (`~/.port-key/config.json`) to manage tool settings. While not inherently malicious, it establishes a pattern of local file modification driven by external inputs.
Recommendations
- AI detected serious security threats