dashboard-toggle
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill script
manage_service.shexecutespnpm install, which downloads and installs dependencies from an external, non-trusted source repository. - [COMMAND_EXECUTION] (MEDIUM): The script executes
nodeon a local file (dist/index.js) that is part of a third-party project, resulting in the execution of unverified external code. - [EXTERNAL_DOWNLOADS] (LOW): The script attempts to install the
pnpmpackage manager globally usingnpm install -g pnpmif it is not detected on the system.
Audit Metadata