AI Agent Skill Check is a free AI agent skill security scanner by Mondoo. We scan skills across ClawHub, Skills.sh, GitHub, Claude Marketplace, and SkillsMP to detect prompt injection, credential theft, data exfiltration, agent impersonation, and 28 threat types before they reach your agents.

© 2026 Mondoo, Inc.

Skills

Browse, search, and filter AI agent skills across all registries.

Skill | AI Agents | Summary | Stars | Installs | Findings | Risk

skills/find-skills
vercel-labs
GitHub, Skills.sh

The skill forces non-interactive global installations of unpinned, untrusted packages, creating a critical security vulnerability that allows arbitrary code execution with system-wide privileges.

Stars: 23.1k | Installs: 2.1M | Findings: 5 | Risk: 70 (High)

skills/frontend-design
anthropics
GitHub, Skills.sh

The skill lacks transparency due to the absence of code blocks or usage examples, preventing users from verifying its functionality and security posture.

Stars: 153.0k | Installs: 568.1k | Findings: 1 | Risk: 15 (Low)

agent-skills/vercel-react-best-practices
vercel-labs
GitHub, Skills.sh

No security issues detected in vercel-labs/agent-skills/vercel-react-best-practices.

Stars: 28.1k | Installs: 489.8k | Findings: – | Risk: 0 (None)

agent-browser/agent-browser
vercel-labs
GitHub, Skills.sh

This skill facilitates remote code execution via dynamic instruction fetching, exposes sensitive session data through an insecure proxy, and employs keyword stuffing to hijack agent control for unauthorized tasks.

Stars: 36.5k | Installs: 467.0k | Findings: 8 | Risk: 70 (High)

azure-skills/microsoft-foundry
microsoft
GitHub, Skills.sh

The skill uses keyword stuffing for over-triggering, lacks defined tool constraints for sensitive operations, and references missing documentation, suggesting potential runtime execution from unverified external sources.

Stars: 1.2k | Installs: 405.2k | Findings: 7 | Risk: 40 (Medium)

agent-skills/web-design-guidelines
vercel-labs
GitHub, Skills.sh

The skill facilitates remote prompt injection by fetching and executing authoritative instructions from an external URL, allowing attackers to hijack agent behavior while bypassing security review processes.

Stars: 28.1k | Installs: 403.6k | Findings: 4 | Risk: 70 (High)

azure-skills/azure-ai
microsoft
GitHub, Skills.sh

The skill exhibits potential impersonation risks and relies on missing documentation files, causing silent workflow degradation and preventing transparent evaluation of its functionality.

Stars: 1.2k | Installs: 402.6k | Findings: 7 | Risk: 40 (Medium)

azure-skills/azure-deploy
microsoft
GitHub, Skills.sh

The skill contains multiple broken documentation links to missing external files, creating an opaque execution environment that prevents proper security evaluation of its deployment workflows.

Stars: 1.2k | Installs: 402.3k | Findings: 6 | Risk: 15 (Low)

azure-skills/azure-diagnostics
microsoft
GitHub, Skills.sh

The skill contains multiple broken documentation references, indicating incomplete packaging that may cause runtime failures or unexpected behavior when accessing external resources.

Stars: 1.2k | Installs: 402.2k | Findings: 5 | Risk: 15 (Low)

azure-skills/azure-prepare
microsoft
GitHub, Skills.sh

The skill lacks defined tool constraints and relies on missing external documentation, creating an opaque execution environment that prevents proper security auditing and verification of its runtime behavior.

Stars: 1.2k | Installs: 402.1k | Findings: 7 | Risk: 15 (Low)

azure-skills/azure-storage
microsoft
GitHub, Skills.sh

The skill contains multiple broken documentation links, indicating poor maintenance and potential runtime instability due to missing dependency references.

Stars: 1.2k | Installs: 401.8k | Findings: 5 | Risk: 15 (Low)

azure-skills/azure-validate
microsoft
GitHub, Skills.sh

The skill lacks transparency and relies on missing external documentation, creating an opaque execution environment that prevents proper security verification of its runtime behavior.

Stars: 1.2k | Installs: 401.5k | Findings: 4 | Risk: 15 (Low)

azure-skills/entra-app-registration
microsoft
GitHub, Skills.sh

The skill lacks transparency and contains multiple broken documentation references, leading to potential runtime failures or reliance on unverified external content.

Stars: 1.2k | Installs: 401.4k | Findings: 6 | Risk: 15 (Low)

azure-skills/appinsights-instrumentation
microsoft
GitHub, Skills.sh

The skill lacks transparency and contains multiple broken documentation references, leading to silent runtime degradation and an inability for users to verify its intended functionality.

Stars: 1.2k | Installs: 401.3k | Findings: 6 | Risk: 15 (Low)

azure-skills/azure-compliance
microsoft
GitHub, Skills.sh

The skill lacks transparency and references multiple missing documentation files, creating an opaque execution environment where workflows may silently degrade or fetch external content from untrusted sources.

Stars: 1.2k | Installs: 401.3k | Findings: 6 | Risk: 15 (Low)

azure-skills/azure-rbac
microsoft
GitHub, Skills.sh

The skill lacks transparency and verifiable code documentation, preventing users from assessing its security posture or confirming it performs only intended Azure role-based access control operations.

Stars: 1.2k | Installs: 401.3k | Findings: 1 | Risk: 15 (Low)

azure-skills/azure-resource-lookup
microsoft
GitHub, Skills.sh

The skill exhibits a potential supply chain risk by referencing external documentation that is missing from the package, which could lead to unauthorized content injection or runtime execution errors.

Stars: 1.2k | Installs: 401.3k | Findings: 1 | Risk: 15 (Low)

azure-skills/azure-aigateway
microsoft
GitHub, Skills.sh

The skill impersonates a brand, lacks declared tool constraints, performs unauthorized network access, and relies on missing external documentation, creating significant security and transparency risks.

Stars: 1.2k | Installs: 401.2k | Findings: 8 | Risk: 40 (Medium)

azure-skills/azure-kusto
microsoft
GitHub, Skills.sh

No security issues detected in microsoft/azure-skills/azure-kusto.

Stars: 1.2k | Installs: 401.1k | Findings: – | Risk: 0 (None)

azure-skills/azure-resource-visualizer
microsoft
GitHub, Skills.sh

The skill contains broken documentation links and missing assets, leading to silent runtime degradation and a lack of transparency regarding its operational dependencies.

Stars: 1.2k | Installs: 401.1k | Findings: 4 | Risk: 15 (Low)

azure-skills/azure-messaging
microsoft
GitHub, Skills.sh

The skill lacks sufficient documentation and code examples, preventing users from verifying its functionality and assessing potential security risks.

Stars: 1.2k | Installs: 390.9k | Findings: 1 | Risk: 15 (Low)

skills/remotion-best-practices
remotion-dev
GitHub, Skills.sh

The skill uses hidden text, executes unpinned packages, performs unauthorized network and file operations, and relies on missing external documentation, creating significant security and supply chain risks.

Stars: 3.7k | Installs: 381.3k | Findings: 10 | Risk: 70 (High)

azure-skills/azure-hosted-copilot-sdk
microsoft
GitHub, Skills.sh

The skill contains broken documentation links to missing reference files, causing silent workflow degradation and preventing users from verifying security and configuration practices.

Stars: 1.2k | Installs: 374.2k | Findings: 6 | Risk: 15 (Low)

skills/grill-me
mattpocock
GitHub, Skills.sh

The skill is functionally inert and lacks transparency regarding its purpose, licensing, and implementation, failing to provide any verifiable utility or security assurance.

Stars: 137.2k | Installs: 353.2k | Findings: 3 | Risk: 40 (Medium)

azure-skills/azure-compute
microsoft
GitHub, Skills.sh

The skill documentation references multiple missing workflow files, indicating incomplete packaging that causes silent functional degradation during runtime.

Stars: 1.2k | Installs: 345.0k | Findings: 5 | Risk: 15 (Low)

azure-skills/azure-cloud-migrate
microsoft
GitHub, Skills.sh

The skill lacks transparency and relies on multiple missing documentation files, creating an opaque execution environment where critical workflow logic is sourced from external, unverified locations at runtime.

Stars: 1.2k | Installs: 335.0k | Findings: 6 | Risk: 15 (Low)

skills/improve-codebase-architecture
mattpocock
GitHub, Skills.sh

The skill lacks defined tool constraints, documentation, and transparency, creating an opaque execution environment that prevents proper security auditing and verification of its runtime behavior.

Stars: 137.2k | Installs: 289.8k | Findings: 4 | Risk: 15 (Low)

skills/grill-with-docs
mattpocock
GitHub, Skills.sh

The skill exhibits insecure design by bypassing model invocation restrictions and blindly executing unverified external skills, creating a significant risk of malicious sub-agent hijacking.

Stars: 137.2k | Installs: 286.1k | Findings: 4 | Risk: 70 (High)

skills/skill-creator
anthropics
GitHub, Skills.sh

The skill lacks defined tool constraints, allowing unrestricted execution of commands, file operations, and network access, which poses a significant security risk for arbitrary code execution.

Stars: 153.0k | Installs: 278.4k | Findings: 2 | Risk: 15 (Low)

skills/tdd
mattpocock
GitHub, Skills.sh

The skill lacks essential documentation files and a specified license, leading to potential runtime errors and ambiguity regarding usage terms.

Stars: 137.2k | Installs: 273.4k | Findings: 4 | Risk: 15 (Low)

azure-skills/azure-quotas
microsoft
GitHub, Skills.sh

The skill bypasses user confirmation, probes cloud metadata, and executes unconstrained operations while relying on external, non-packaged documentation, creating significant security and transparency risks.

Stars: 1.2k | Installs: 271.7k | Findings: 5 | Risk: 40 (Medium)

caveman/caveman
juliusbrussee
GitHub, Skills.sh

The skill lacks a license and a descriptive purpose, but it does not exhibit any malicious behavior or security vulnerabilities.

Stars: 74.9k | Installs: 267.0k | Findings: 2 | Risk: 0 (None)

azure-skills/azure-upgrade
microsoft
GitHub, Skills.sh

The skill contains multiple broken documentation links to missing external files, creating an opaque execution environment where critical workflow logic is sourced from untrusted or undefined locations.

Stars: 1.2k | Installs: 264.2k | Findings: 6 | Risk: 15 (Low)

runcomfy-agent-skills/video-edit
agentspace-so
GitHub, Skills.sh

The skill executes unpinned, unverified packages and performs arbitrary system operations without declaring required tools, creating significant risks for supply chain attacks and unauthorized system access.

Stars: 22 | Installs: 263.2k | Findings: 4 | Risk: 40 (Medium)

runcomfy-agent-skills/image-to-video
agentspace-so
GitHub, Skills.sh

The skill executes unpinned, unverified packages and performs arbitrary system operations without declaring necessary tool constraints, creating a significant risk of supply chain compromise and unauthorized system access.

Stars: 22 | Installs: 262.7k | Findings: 4 | Risk: 40 (Medium)

runcomfy-agent-skills/flux-kontext
agentspace-so
GitHub, Skills.sh

The skill executes unpinned, unverified npx packages at runtime, creating a significant supply chain risk by allowing arbitrary code execution from potentially malicious or compromised external dependencies.

Stars: 22 | Installs: 262.3k | Findings: 3 | Risk: 40 (Medium)

runcomfy-agent-skills/happyhorse-1-0
agentspace-so
GitHub, Skills.sh

The skill executes unpinned, unverified dependencies and performs arbitrary system operations without declaring required tools, creating a high risk of supply chain compromise and unauthorized system access.

Stars: 22 | Installs: 261.8k | Findings: 4 | Risk: 40 (Medium)

runcomfy-agent-skills/gpt-image-edit
agentspace-so
GitHub, Skills.sh

The skill executes unpinned, unverified packages via npx at runtime, creating a significant supply chain risk by allowing arbitrary code execution from potentially compromised or malicious external dependencies.

Stars: 22 | Installs: 261.7k | Findings: 3 | Risk: 40 (Medium)

runcomfy-agent-skills/seedance-v2
agentspace-so
GitHub, Skills.sh

The skill executes unpinned, unverified packages via npx, creating a significant supply chain risk by allowing arbitrary, potentially malicious code to run in the agent's environment.

Stars: 22 | Installs: 261.7k | Findings: 3 | Risk: 40 (Medium)

runcomfy-agent-skills/wan-2-7
agentspace-so
GitHub, Skills.sh

The skill executes unpinned, unverified packages via npx, creating a significant supply chain risk by allowing arbitrary, potentially malicious code to run without integrity checks or version constraints.

Stars: 22 | Installs: 261.7k | Findings: 3 | Risk: 40 (Medium)

skills/to-prd
mattpocock
GitHub, Skills.sh

The skill forces the execution of an undefined, external setup command, creating a significant security risk by allowing arbitrary, potentially malicious environment configuration from an untrusted source.

Stars: 137.2k | Installs: 254.6k | Findings: 4 | Risk: 70 (High)

skills/agentspace
agentspace-so
GitHub, Skills.sh

The skill facilitates unauthorized local file exfiltration and grants excessive file-editing permissions while relying on unverified, unpinned dependencies that expose the workspace to significant remote compromise risks.

Stars: 10 | Installs: 254.4k | Findings: 6 | Risk: 40 (Medium)

cli/lark-doc
larksuite
GitHub, Skills.sh

The skill contains multiple broken documentation references that cause silent workflow degradation and fails to specify a license, indicating poor maintenance and lack of transparency.

Stars: 14.4k | Installs: 252.7k | Findings: 6 | Risk: 15 (Low)

cli/lark-base
larksuite
GitHub, Skills.sh

The skill lacks transparency due to missing documentation files and an unspecified license, creating potential reliability issues and ambiguity regarding usage terms.

Stars: 14.4k | Installs: 251.9k | Findings: 7 | Risk: 15 (Low)

cli/lark-im
larksuite
GitHub, Skills.sh

The skill lacks documentation for its core functions and introduces security risks by processing potentially malicious external content without adequate validation or defined usage terms.

Stars: 14.4k | Installs: 251.7k | Findings: 7 | Risk: 40 (Medium)

cli/lark-shared
larksuite
GitHub, Skills.sh

The skill lacks defined tool constraints, allowing unrestricted execution of commands, file operations, and network access, which poses a significant security risk for unauthorized system interaction.

Stars: 14.4k | Installs: 251.2k | Findings: 2 | Risk: 15 (Low)

agent-skills/sleek-design-mobile-apps
sleekdotdesign
GitHub, Skills.sh

The skill facilitates SSRF via arbitrary URL fetching and enables remote command injection by piping unverified API responses directly into shell commands, violating its stated network access restrictions.

Stars: 426 | Installs: 249.3k | Findings: 5 | Risk: 40 (Medium)

skills/to-issues
mattpocock
GitHub, Skills.sh

The skill executes an undefined, arbitrary command that risks unauthorized code execution and environment poisoning, while lacking transparency through missing documentation and licensing.

Stars: 137.2k | Installs: 243.8k | Findings: 3 | Risk: 40 (Medium)