awwwards-landing-page
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill uses 'git clone' to download code from 'https://github.com/Eng0AI/awwwards-landing-page-template.git', which is not a trusted source.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill executes 'npm install' on the downloaded contents. This allows any preinstall or postinstall scripts in the untrusted repository's package.json to execute arbitrary code on the user's system.
- [COMMAND_EXECUTION] (HIGH): The skill executes shell commands (npm, git, vercel) on unverified content obtained from the internet.
- [CREDENTIALS_UNSAFE] (LOW): Sensitive credentials ($VERCEL_TOKEN) are passed as command-line arguments to the vercel CLI, which can expose the token in process monitors, shell history, or logs.
Recommendations
- AI detected serious security threats
Audit Metadata