40Medium
The skill uses keyword stuffing for unauthorized discovery and executes unconstrained system commands or network requests without declaring necessary tools, posing a significant risk of arbitrary code execution.
Skill Info
Namezxzin/zinxtick
Registrygithub
Versionfe5e2c5cc5ee
PURLpkg:github/zxzin/zinxtick@fe5e2c5cc5ee
Stars20
Source
Install
This skill has findings worth reviewing before installing.
GitHub
Skills.shDocs
npx skills add https://github.com/zxzin/zinxtickAssessments (3)
AI Agent Traps ↗Keyword baiting in descriptionmediumdiscovery abuse
Description contains a long keyword list that may be designed to trigger the skill for unrelated queries.
70% confidence
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/zxzin/zinxtick)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/zxzin/zinxtick"><img src="https://mondoo.com/ai-agent-security/api/badge/github/zxzin/zinxtick.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/zxzin/zinxtick.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow