cache-poisoning-pwn-demo

Name: cache-poisoning-pwn-demo
Author: GitHub Actions

SkillAI Tooldemosecuritysupply-chaineducation

Educational demo: a deliberately vulnerable npm package showing how GitHub Actions cache poisoning can produce a malicious release without stealing any credential. Do NOT use in production.

Directory Presence

Cross-referenced across 55 tracked directories

Directory	Status	First Seen	Last Confirmed	Link
N npm Skills Registry		6/9/2026	6/9/2026

Adoption Metrics & Statistics

#5416

Popularity Rank

1 / 55

Listed In

Emerging

Adoption Stage

5/13/2026

First Seen

Recently added to the ecosystem

Health Score

9/100

Directory Presence5/20

Community0/30

Usage0/20

Development Activity4/30

Directory Adoption Over Time

Jun 9, 26: + npm Skills Registry

AI Security Scan

skillful.sh

Run an AI-powered security scan to analyze this package's source code for vulnerabilities, prompt injection vectors, data exfiltration risks, and behavior mismatches.

Scans fetch actual source code from the GitHub repository, not just the README.

Related Skills

portkey-ai

narengogi

Node client library for the Portkey API

SkillAI Tool

473 dirs

cohere-ai

cohereai

![](banner.png)

SkillAI Tool

1693 dirs

@perplexity-ai/ai-sdk

kesku

Search the web with real-time results and advanced filtering powered by Perplexity's Search API

SkillAI Tool

3 dirs

size-limit

CLI tool for Size Limit

SkillAI Tool

6.9K3 dirs