Skills
skills/rebyteai-template/rebyte-skills/py-intro/Gen Agent Trust Hub

py-intro

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The instruction to git clone https://github.com/Eng0AI/py-intro-template.git pulls code from a non-whitelisted GitHub account. Since the source is untrusted, the contents of the repository (including scripts and configuration) are unverified.
  • [COMMAND_EXECUTION] (MEDIUM): The setup instructions include running pnpm install, which can trigger automatic execution of lifecycle scripts (like preinstall or postinstall) defined in the downloaded repository. The command pnpm dev also starts a local server based on the untrusted third-party configuration.
  • [REMOTE_CODE_EXECUTION] (LOW): The skill utilizes slidev-addon-python-runner, which enables interactive code execution. While intended for educational demos, this provides a functional surface for executing arbitrary Python code on the local machine.
  • [CREDENTIALS_UNSAFE] (SAFE): The deployment section references $VERCEL_TOKEN. While it uses an environment variable (standard practice), users should ensure that these tokens are not exposed if the skill's build process is compromised by the untrusted template.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 21, 2026, 02:25 PM