blackbox

Warn

Audited by Socket on May 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is broadly aligned with its purpose and uses official Blackbox sources, but it delegates code and prompts to an external AI CLI/service, can ingest untrusted PR content, and documents an auto-approve mode. Main risks are indirect prompt injection and autonomous external-agent behavior rather than confirmed malware.

Confidence: 89%Severity: 62%
Audit Metadata
Analyzed At
May 16, 2026, 01:46 PM
Package URL
pkg:socket/skills-sh/NousResearch%2Fhermes-agent%2Fblackbox%2F@f335dda3af28b747cf1fa4b4c246040c035c4830
Security Audit — socket — blackbox