lovstudio-event-poster

Fail

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill requires the agent to run uvx lovstudio-skill-helper, which downloads and executes a Python package from a remote source to reveal the skill's actual instructions.
  • [COMMAND_EXECUTION]: The instructions explicitly direct the agent to run shell commands (uvx, npx) and follow the resulting output without verification, allowing for arbitrary logic to be injected into the agent's context.
  • [EXTERNAL_DOWNLOADS]: The skill depends on external network requests to fetch the helper tool and potentially communicate with lovstudio.ai for license activation and instruction decryption.
  • [OBFUSCATION]: The primary logic of the skill is stored in an encrypted file (SKILL.md.enc), which is a deliberate technique to hide behavior from security reviews and static analysis tools.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 3, 2026, 04:10 AM