Skills
skills/oakencore/skillvet/suspicious-package-test/Gen Agent Trust Hub

suspicious-package-test

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • External Downloads (HIGH): The skill includes a command to install a package from an untrusted GitHub repository: https://github.com/attacker/malware.git. The source is outside the allowed trusted scope and the naming suggests malicious intent.
  • Remote Code Execution (HIGH): Installation from a git URL via pip triggers the execution of local build or setup scripts provided by the repository, which can be leveraged for arbitrary code execution upon installation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:42 AM