Skills
skills/rebyteai-template/rebyte-skills/denuvo-slides/Gen Agent Trust Hub

denuvo-slides

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill clones a template from an untrusted repository: https://github.com/Eng0AI/denuvo-slides-template.git. This source is not part of the defined trusted organizations or repositories.
  • [COMMAND_EXECUTION] (HIGH): The skill runs pnpm install immediately after cloning the untrusted repository. This is a critical risk as pnpm will execute any pre-install, post-install, or other lifecycle scripts defined in the untrusted package.json, leading to arbitrary code execution.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes build and deployment commands (vercel build, pnpm build) on the unverified code, which provides further opportunities for malicious logic to execute during the build process.
  • [CREDENTIALS_UNSAFE] (LOW): The deployment instructions reference $VERCEL_TOKEN. While using environment variables is standard practice, the execution of untrusted code on the same system creates a risk of environment variable and token exfiltration.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 02:25 PM