web-design
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill includes instructions to fetch and install a hit-area utility from an unverified external source (https://bazza.dev/r/hit-area). This domain is not recognized as a trusted vendor or well-known service.
- [REMOTE_CODE_EXECUTION]: By advising the use of `npx shadcn@latest add` with a remote URL as an argument, the skill facilitates the downloading and execution of arbitrary code from an external repository into the local project environment.
- [COMMAND_EXECUTION]: The skill provides various shell commands for package management and component installation, which pose a risk if the instructions are followed without verifying the source or content of the external scripts.
Recommendations
- AI detected serious security threats
Audit Metadata