svelte5-development
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The README.md file contains explicit instructions to download a SKILL.md file from a non-trusted GitHub repository (splinesreticulating/claude-svelte5-skill) using curl. Because this repository and user are not on the permitted list of trusted sources, the integrity of the downloaded content cannot be verified.
- REMOTE_CODE_EXECUTION (MEDIUM): Installation of skills for Claude Code involves placing instruction files into a specific directory (.claude/skills/) where they are interpreted as capabilities for the AI agent. If the remote repository is malicious or compromised, the downloaded skill could instruct the agent to execute dangerous commands or exfiltrate data, effectively serving as a remote code execution vector.
Audit Metadata