screwfast
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill clones a repository from an untrusted external source:
https://github.com/Eng0AI/screwfast-template.git. This organization is not recognized as a trusted source.\n- [REMOTE_CODE_EXECUTION] (HIGH): After cloning the external repository, the skill executesnpm installand runs a local scriptnode process-html.mjs. These actions execute code provided by the untrusted source, which could contain malicious logic or backdoors.\n- [COMMAND_EXECUTION] (MEDIUM): The skill performs potentially destructive shell operations including recursive directory deletion (rm -rf) and moving files, which may impact system stability if executed in an unintended context.
Recommendations
- AI detected serious security threats
Audit Metadata