kleague-results

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs a global installation of the kleague-results package from the npm registry at runtime. While the author notes imply this is a first-party resource, it constitutes an external dependency download.
  • [COMMAND_EXECUTION]: The workflow executes npm install -g, which modifies the global software environment of the host system.
  • [REMOTE_CODE_EXECUTION]: The skill uses node --input-type=module to execute a script that dynamically loads logic from the newly installed package using import() on a computed file path.
  • [COMMAND_EXECUTION]: Employs shell heredocs to pass dynamically generated JavaScript to a Node.js process for execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 30, 2026, 04:08 PM