Skills
skills/rebyteai-template/rebyte-skills/happiness-dashboard/Gen Agent Trust Hub

happiness-dashboard

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The skill performs git clone on an untrusted repository (https://github.com/Eng0AI/happiness-dashboard-template.git) and then runs pnpm install and pnpm run build. This allows the repository owner to execute arbitrary code on the agent's system.
  • Data Exposure & Exfiltration (LOW): The setup uses the $VERCEL_TOKEN environment variable in shell commands. In conjunction with execution of untrusted code, this increases the risk of credential theft.
  • Indirect Prompt Injection (LOW): 1. Ingestion points: CSV files in sources/happiness_score/. 2. Boundary markers: None. 3. Capability inventory: pnpm build scripts and vercel deployment. 4. Sanitization: None. The skill processes untrusted external data which could be used to influence the agent's behavior or build output.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 02:25 PM