gsap-awwwards-website
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the agent to clone a repository from an untrusted GitHub user (
Eng0AI/gsap-awwwards-website-template). As this user/organization is not in the trusted sources list, the integrity of the code cannot be verified. - COMMAND_EXECUTION (MEDIUM): Subsequent commands like
npm installandnpm run buildexecute scripts defined within the downloaded repository. If the repository is compromised, these commands could trigger malicious lifecycle scripts (preinstall/postinstall) or malicious build-time code execution. - METADATA_POISONING (LOW): The note 'Never run npm run dev in VM environment' is suspicious, as anti-VM checks are often used by malware to avoid analysis in sandboxed environments, though it can also be used for performance-heavy animation development.
Audit Metadata