Skills
skills/rebyteai-template/rebyte-skills/dillion-portfolio/Gen Agent Trust Hub

dillion-portfolio

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill clones a project from 'https://github.com/Eng0AI/portfolio-template.git'. The 'Eng0AI' organization is not among the trusted sources, meaning the integrity of the downloaded content cannot be verified.
  • REMOTE_CODE_EXECUTION (HIGH): After cloning the untrusted repository, the instructions command the user to run 'pnpm install' and 'pnpm dev'. These commands execute scripts defined in the external repository, enabling arbitrary code execution on the user's machine.
  • COMMAND_EXECUTION (MEDIUM): The skill utilizes shell commands to manipulate the filesystem ('rm -rf', 'mv') and handle deployment ('vercel', 'netlify'). Executing these commands on files retrieved from an untrusted remote source increases the risk of system compromise.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 02:26 PM