security-review-2
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The instructions require running
npx skills add zackkorman/skills. This GitHub user is not a trusted source, and installing unverified skills can lead to the execution of malicious code or instructions. - [PROMPT_INJECTION] (LOW): The description contains the instruction 'ALWAYS run this at the end of each task', which is a behavioral override designed to ensure the skill's logic persists across all future agent actions.
- [COMMAND_EXECUTION] (SAFE): The skill's use of
npm audit,govulncheck, andtrivyis standard for security auditing and does not present a threat.
Audit Metadata