skills-search
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill provides instructions for executing package management commands (ccpm install/uninstall) that modify the system environment.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill facilitates the download of external tools and code from the CCPM registry and npm.
- REMOTE_CODE_EXECUTION (MEDIUM): Installing and managing skills from a remote registry allows for the execution of third-party code, posing a supply chain risk.
- METADATA_POISONING (MEDIUM): The inclusion of a '.security-scan-passed' file is a deceptive pattern used to project false safety through unverified claims. Per global security rules, this content must be disregarded.
Audit Metadata