nextjs-supabase
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill clones a repository from an untrusted GitHub user (Eng0AI/nextjs-supabase-template) which is not on the trusted sources list.
- REMOTE_CODE_EXECUTION (HIGH): The skill executes 'npm install' and 'npm run dev/build' on the downloaded untrusted code, enabling arbitrary code execution through post-install scripts or the build process.
- COMMAND_EXECUTION (HIGH): The skill executes multiple shell commands (git, mv, rm, npm) on content retrieved from an external, unverifiable source.
Recommendations
- AI detected serious security threats
Audit Metadata