rockets-crud-generator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/validate.js` script invokes `yarn build` or `npm run build` using `execSync` to ensure the generated code compiles correctly within the project context.
- [PROMPT_INJECTION]: This skill facilitates indirect prompt injection by generating TypeScript source code from user-provided JSON configurations.
  - Ingestion points: JSON data ingested via `scripts/generate.js` through command-line arguments or standard input.
  - Boundary markers: None; user-supplied values are interpolated directly into code templates without explicit delimiters.
  - Capability inventory: `scripts/integrate.js` performs filesystem write operations and `scripts/validate.js` performs shell command execution.
  - Sanitization: The logic includes routines to escape single quotes in DTO metadata and backslashes in regex patterns to mitigate basic code injection attempts.
Audit Metadata