skills/nomadamas/k-skill/kbl-results/Gen Agent Trust Hub

kbl-results

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the kbl-results package globally via npm, which introduces a third-party dependency into the execution environment.
  • [COMMAND_EXECUTION]: The skill uses shell commands to install software and run a Node.js script using a heredoc (<<'JS').
  • [REMOTE_CODE_EXECUTION]: The Node.js script uses dynamic ESM imports (await import(entry)) to load and execute code from a path constructed at runtime (path.join(...)), which is a form of dynamic code loading.
  • [DATA_EXFILTRATION]: The skill performs network operations targeting api.kbl.or.kr. This is the official domain for the Korean Basketball League and matches the stated purpose of the skill.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 18, 2026, 03:06 AM