app-store-screenshots-generator
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an external GitHub repository (github.com/ParthJadhav/app-store-screenshots) for installation and sourcing of the screenshot generator assets.
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands to manage dependencies (using npm, bun, pnpm, or yarn) and to start a local development server (npm dev).
- [PROMPT_INJECTION]: The skill ingests user-supplied text (brand descriptions, features, and style preferences), which is then interpolated into generated application code (page.tsx). This creates a surface for indirect prompt injection, as there are no explicit boundary markers or sanitization steps mentioned for the processed input.
  - Ingestion points: User-provided habit tracker details and brand preferences used in page.tsx generation.
  - Boundary markers: None identified in the provided instructions.
  - Capability inventory: File system writes (creating project structure and page.tsx), command execution (package installation and starting dev server).
  - Sanitization: None identified for the user-supplied strings.