skills/rheinmir/setup/docs-site-macos/Gen Agent Trust Hub

docs-site-macos

Warn

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains instructions for the agent to execute shell commands to manage the local environment. Specifically, the 'Auto-Host' section uses lsof and kill -9 to terminate any existing process on port 8765.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx serve to host the generated site for preview. npx may download the serve package from the npm registry if it is not already available in the local cache. Additionally, the skill links to external font resources from Google Fonts (fonts.googleapis.com).
  • [REMOTE_CODE_EXECUTION]: The 'Auto-Host' functionality spawns a background service using nohup npx serve ... &. This pattern executes an external Node.js package, which constitutes remote code execution when the package is fetched at runtime.
  • [DATA_EXPOSURE]: The skill operates on the local file system, specifically creating and modifying files within the llmwiki/ directory. While this is consistent with its stated purpose of building a documentation wiki, it involves broad write access to project subdirectories.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 12, 2026, 10:21 AM