phx-create-live-resource
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: Executes standard Phoenix and Elixir development commands including 'mix phx.gen.schema', 'mix ecto.migrate', 'mix compile', and 'mix test'. It also uses 'ls' and 'grep' for project structure discovery. These operations are restricted to the local development environment and align with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by interpolating user-provided resource names and field definitions into shell commands and generated code.
- Ingestion points: User-supplied resource name, context, and field definitions.
- Boundary markers: Not present.
- Capability inventory: Subprocess execution of 'mix' commands and file system writes.
- Sanitization: Not explicitly defined in the skill instructions.
- [NO_CODE]: The skill consists of instructional templates and does not package any standalone scripts, binaries, or third-party dependencies.
Audit Metadata