electron-app-dev
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Python utility (scripts/create_electron_app.py) that writes several configuration and source files to the local filesystem. This is the intended functional behavior for a project scaffolding tool.
- [EXTERNAL_DOWNLOADS]: The generated project templates reference industry-standard and well-known software packages from the public NPM registry, such as electron, vite, and react.
- [PROMPT_INJECTION]: The create_electron_app.py script presents an indirect prompt injection surface (Category 8). Ingestion points: Untrusted data enters the script through the project_name command-line argument. Boundary markers: There are no delimiters or specific instructions to ignore embedded commands in the user-provided input. Capability inventory: The script has filesystem write access via the write_text function. Sanitization: The project_name input is used directly in file path construction without sanitization, creating a potential path traversal surface if provided with malicious strings (e.g., '../').
Audit Metadata