t2000-exchange
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's metadata specifies a requirement to run
npx @t2000/cli init. This command downloads and executes code from the NPM registry at runtime, which is an unverified source for this skill's context. - [EXTERNAL_DOWNLOADS]: The skill depends on the
@t2000/clipackage. This package does not belong to a trusted organization or the recognized vendor 'mission69b', making it an untrusted external dependency. - [COMMAND_EXECUTION]: The skill operates by executing shell commands via the
t2000CLI tool, which is installed from a remote source and lacks local verification.
Recommendations
- AI detected serious security threats
Audit Metadata