This code templating skill unnecessarily grants unrestricted
Claims to do
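Corder Code Templates Skill: This Skill is a collection of code templates that the corder agent uses when implementing new features. It provides templates for frequently used patterns such as REST API endpoints, React components, database models, authentication logic, and error handling.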
Actually does
The skill uses the `Read` tool to access its internal code templates and the `Write` tool to output these templates into the user's project directory. It leverages the `Bash` tool to execute shell commands, likely for copying template files and potentially performing placeholder replacements within the user's file system. It does not contact any external URLs.
/plugin marketplace add takemi-ohama/ai-agent-marketplace
/plugin install corder-code-templates@takemi-ohama/ai-agent-marketplace
npx skills add https://github.com/takemi-ohama/ai-agent-marketplace

The skill is granted unrestricted Bash execution capabilities, which can be leveraged by a malicious agent or prompt for arbitrary command execution, data exfiltration, or system compromise. While the skill's stated purpose is code templating, Bash access is not strictly necessary for template generation and poses a significant security risk.
allowed-tools:
  - Bash