pinme
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill instructs the agent to install a global npm package (`pinme`) from an author ('glitternetwork') not on the trusted organizations list. This introduces a supply chain risk where malicious updates to the package could compromise the host environment.
- [Command Execution] (MEDIUM): The skill relies on executing shell commands (`npm install -g pinme`, `pinme upload`) to perform its primary function. Executing commands from untrusted packages can lead to arbitrary code execution.
- [Data Exposure] (LOW): The primary function is to upload data to IPFS, which is a public decentralized network. While the skill explicitly forbids uploading sensitive files like `.env`, `.git`, and `node_modules`, any content within the detected build directories (e.g., `dist/`, `build/`) will be made publicly available once uploaded.
- [Indirect Prompt Injection] (LOW): The skill identifies and processes local directory structures which could be manipulated by an attacker to influence agent behavior.
  - Ingestion points: Local file system directory names and file structure.
  - Boundary markers: Absent. The skill does not use specific delimiters when passing directory paths to shell commands.
  - Capability inventory: Shell command execution (`npm`, `pinme`) and network access (via `pinme upload`).
  - Sanitization: Absent. There is no evidence of path sanitization before execution.
Audit Metadata