omnidist
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run multiple commands using
npx, specificallyinit,ci,build,stage,verify, andpublishusing the@omnidist/omnidistpackage. - [EXTERNAL_DOWNLOADS]: Uses
npx -yto automatically download the@omnidist/omnidistpackage from the npm registry at runtime. - [REMOTE_CODE_EXECUTION]: The use of
npx -y @omnidist/omnidist@latestresults in the execution of remote code from an external registry. This is a core functionality of the skill but carries risks associated with dependency supply chains. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
- Ingestion points: Reads project configuration fields such as
tool.main,distributions.npm.package, anddistributions.uv.packagefrom the repository. - Boundary markers: None identified in the provided instructions to sanitize these inputs before they are used to generate workflow files.
- Capability inventory: Capable of writing files to the repository (e.g.,
.github/workflows/omnidist-release.yml) and executing deployment commands. - Sanitization: There is no mention of validation or escaping for the project-specific strings interpolated into the generated templates.
Audit Metadata