figma-portfolio-nextjs
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to clone a repository from an unverified individual GitHub account (`ibrahimmemonn/Figma_Portfolio.git`). This is an external source outside of the provided trusted vendor or organization lists.
- [COMMAND_EXECUTION]: Directs the execution of `npm install` and `npm run dev` immediately after cloning the unverified repository. These commands execute code defined in the external repository's configuration (scripts and dependency lifecycle hooks), which could lead to arbitrary code execution if the source repository is compromised or malicious.
- [COMMAND_EXECUTION]: Instructs the global installation of the Vercel CLI (`npm i -g vercel`). While Vercel is a well-known service, global installations modify the system environment.
Audit Metadata