vite-react
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): Clones a template from 'https://github.com/Eng0AI/vite-react-template.git'. This source is untrusted, meaning the code being downloaded has not been verified for safety.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the agent to run 'npm install' and 'npm run build' on the downloaded untrusted code. This is a dangerous pattern because npm lifecycle scripts (such as 'postinstall') or code execution within the build pipeline can be used to run arbitrary malicious commands on the system.
Recommendations
- AI detected serious security threats
Audit Metadata