@1977/billions-faiar

Fail

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses npx clawhub@latest to execute code from a remote npm package. This allows for arbitrary remote code execution, as the package's behavior is not defined or constrained within the skill files.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from the npm registry via the clawhub package at runtime. This external dependency is not a verified or trusted source, creating a supply chain vulnerability.
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands (npx) to install its core functionality, granting the agent power to interact with the system environment.
  • [PROMPT_INJECTION]: A hidden Unicode character (U+2028) was detected in the frontmatter description field. Such characters are used in steganographic techniques to hide malicious instructions or bypass prompt filters.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 3, 2026, 01:57 AM