research-project-maintenance
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The file references/external-skill-recommendations.md contains instructions to install skills from various GitHub repositories. These include recommendations for the author's own skills and tools from trusted organizations, as well as several unverified individual accounts like existential-birds, davila7, and bahayonghang.
- [REMOTE_CODE_EXECUTION]: The documentation provides shell commands that use npx -y skills add to download and integrate external code into the agent's environment, which constitutes the execution of third-party software.
- [COMMAND_EXECUTION]: One of the recommended installation targets is llllllllama/ai-paper-reproduction-skill. The handle llllllllama uses character repetition, which is a red-flag pattern for typosquatting or impersonating well-known names. Recommending the installation of code from suspicious or unverified repositories increases the risk of compromising the agent's execution environment.
Audit Metadata