skill-file-security

Fail

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation explicitly directs users to run npx @netxeo/security-skill. This command downloads and executes arbitrary code from the NPM registry. The package originates from an unverified third-party organization, posing a risk of remote code execution.
  • [EXTERNAL_DOWNLOADS]: The skill depends on external code and configuration fetched from npmjs.com and references external documentation on a Vercel-hosted domain.
  • [COMMAND_EXECUTION]: The skill defines slash commands such as /security-fix that enable the AI assistant to perform direct modifications to the project's file system, including source code and configuration files.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 26, 2026, 04:55 AM