architect-nextjs-bun-app

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes shell commands such as bunx, bun, and docker to initialize the project, install dependencies, and run validation tests. This is standard for scaffolding tools.
  • [EXTERNAL_DOWNLOADS]: The skill downloads official packages and images from well-known services, including create-next-app from npm and the oven/bun Docker image from Docker Hub. These are trusted sources.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection or command injection via unvalidated user inputs.
      • Ingestion points: User-provided PROJECT_NAME and APP_PORT variables in SKILL.md.
      • Boundary markers: None are implemented to isolate user-supplied strings from the execution environment.
      • Capability inventory: Full subprocess execution for project scaffolding, package installation, and container management.
      • Sanitization: No input validation or escaping mechanisms are specified for the interpolated variables.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 12:16 AM