NYC

chatgpt-app-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The file references/copy-template.md instructs the agent to run {pm} create skybridge@latest (where {pm} is the user's package manager), which downloads and executes whatever the public registry (npm/deno) currently serves as the latest version of the package, with no version pin and no integrity check.
  • [COMMAND_EXECUTION] (MEDIUM): The file references/run-locally.md involves running npm install, npm run dev, and ngrok. These commands execute local code (npm install also runs dependency lifecycle scripts) and expose the local development server to the internet through a tunnel.
  • [PROMPT_INJECTION] (LOW): Indirect prompt injection surface:
    1. Ingestion points: references/fetch-and-render-data.md (API responses for flights and restaurants).
    2. Boundary markers: absent.
    3. Capability inventory: references/run-locally.md (subprocess execution).
    4. Sanitization: absent.
    The skill passes external data directly to the LLM via data-llm and structuredContent without sanitization, escaping, or delimiting, so instruction-like text in an API response is indistinguishable from the skill's own instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:55 PM