npm-git-install

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides examples for installing packages from an external, non-whitelisted repository (github.com/JEO-tech-ai/supercode.git).
  • [COMMAND_EXECUTION]: Includes instructions for using sudo for directory ownership changes and system package installation, as well as modifying shell profiles (~/.bashrc) to alter the system PATH.
  • [REMOTE_CODE_EXECUTION]: Explains how npm install triggers the execution of prepare scripts from remote repositories, which allows for arbitrary code execution during the installation process.
  • [CREDENTIALS_UNSAFE]: Discusses the use of Personal Access Tokens (PATs) in URLs (e.g., git+https://token@github.com/...) which can lead to credential exposure in command history or logs.
  • [PROMPT_INJECTION]:
      1. Ingestion points: Remote code and package metadata fetched via npm install from Git URLs in SKILL.md.
      2. Boundary markers: None present.
      3. Capability inventory: npm install, sudo, and shell profile modifications in SKILL.md.
      4. Sanitization: No sanitization or validation of the remote repository content is mentioned.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 07:03 AM