electron-egg
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill recommends installing the 'electron-egg' package via npm, yarn, or pnpm. This package is not from a trusted organization or repository as defined in the security policy, posing a potential supply-chain risk.
- [Indirect Prompt Injection] (LOW): The skill instructs the agent to load and follow instructions from local markdown files in the 'examples/', 'api/', and 'templates/' directories. This creates a surface where the agent's logic is determined by content that is processed at runtime, which could be exploited if the skill content is untrusted.
Audit Metadata