Skills
skills/vanman2024/ai-dev-marketplace/auth-components/Gen Agent Trust Hub

auth-components

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script scripts/customize-appearance.sh uses an unquoted heredoc (<<EOF) when generating the custom theme configuration. This allows the shell to perform variable expansion and command substitution on the environment variables BRAND_COLOR, BACKGROUND, and TEXT_COLOR. If an attacker can influence these variables (e.g., setting BRAND_COLOR to $(whoami)), the command will execute in the context of the shell running the script.
  • [DATA_EXPOSURE] (SAFE): The skill follows security best practices by using environment variable placeholders for API keys and providing a validation script (scripts/validate-components.sh) that proactively checks for hardcoded secrets.
  • [EXTERNAL_DOWNLOADS] (SAFE): All dependencies mentioned (e.g., @clerk/nextjs, @clerk/themes) are from official, reputable sources related to the Clerk authentication service.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:32 PM