ruler-progress-render

Fail

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads source code from a third-party GitHub repository.
    • Evidence: Clones https://github.com/sxhzju/ruler-progress-animator.git in scripts/render_ruler_progress.sh.
  • [REMOTE_CODE_EXECUTION]: The skill installs and executes code from the downloaded repository.
    • Evidence:
      • Executes npm install within the cloned directory in scripts/render_ruler_progress.sh.
      • Runs npm run remotion:render or npx remotion render, executing scripts defined in the external repository's configuration.
  • [COMMAND_EXECUTION]: The skill uses the node interpreter to evaluate code that dynamically imports and executes logic from the external repository.
    • Evidence:
      • Uses node --input-type=module -e to import ACTIVE_COMPOSITION_ID and read JSON configuration from the cloned files in scripts/render_ruler_progress.sh.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 8, 2026, 12:41 PM