ionic-app-creation
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system commands to install the Ionic CLI globally and scaffold new projects. It also recommends using sudo for installation errors in SKILL.md, which involves acquiring elevated system privileges.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion points: User-provided project configuration details (name, package-id) gathered in SKILL.md Step 2. Boundary markers: Absent. Capability inventory: Subprocess execution via ionic start and npm install. Sanitization: Absent; the skill does not specify any validation or escaping of user input before it is interpolated into the shell command in Step 3.
- [EXTERNAL_DOWNLOADS]: The skill initiates downloads of project templates and library packages from the npm registry and GitHub repositories associated with the Ionic framework and Tailwind CSS.
Audit Metadata