integrate-uppy-transloadit-s3-uploading-to-nextjs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs several standard dependencies from npm (@uppy/core, @uppy/dashboard, @uppy/transloadit, @transloadit/utils). While these are not from the predefined 'Trusted Organizations' list, they are the official libraries for the services described.
- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly identifies sensitive environment variables (TRANSLOADIT_SECRET) and explicitly warns the user to keep them server-side and out of the browser environment.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns of arbitrary command execution or piped remote scripts were detected. The use of 'npx' is restricted to a specific official utility for template creation.
- [MALICIOUS_URL] (INFO): An automated scanner flagged 'existing.co' as malicious. Manual inspection of the code (SKILL.md) reveals this is a false positive; the scanner likely misinterpreted the JavaScript code 'existing.concat()' as a URL. No such domain is referenced in the skill.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata