Skills
skills/secondsky/sap-skills/sapui5-cli/Gen Agent Trust Hub

sapui5-cli

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The benchmarking guide (references/benchmarking.md) directs users to download the hyperfine executable from a non-vendor GitHub repository (sharkdp/hyperfine).
  • [COMMAND_EXECUTION]: Benchmarking instructions in references/benchmarking.md utilize sudo to install downloaded Debian packages (dpkg -i), disable system swap (swapoff), and modify kernel parameters via the CPU scaling governor.
  • [REMOTE_CODE_EXECUTION]: The skill provides JavaScript boilerplate for custom build tasks and server middleware (templates/custom-task-template.js, templates/custom-middleware-template.js) which execute code with access to the local filesystem and network. Documentation in references/build-process.md also references the use of eval() in legacy build processes.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 15, 2026, 08:50 PM