eliteforge-frontend-generator

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a Python script to execute the onebase-cli command and runs pnpm i to initialize the generated project. This is the intended behavior for a project scaffolding tool.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the download of dependencies via the pnpm package manager, which is a standard and expected procedure for frontend development.
  • [SAFE]: User-provided inputs such as company and product names are either strictly validated with a regular expression that enforces kebab-case or sanitized through a slugification function, which prevents command injection and path traversal via those inputs.
  • [SAFE]: External commands are executed with subprocess.run and an argument list rather than a shell string, which mitigates shell-based command injection.
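The two controls the audit credits (kebab-case validation with a slugify fallback, and subprocess.run with an argument list instead of a shell string) are shown together below as an added example. This is not code from the skill or from Gen Agent Trust Hub; the onebase-cli binary name is taken from the audit, but the scaffold subcommand and its flags are hypothetical, and the child process is the Python interpreter itself so the example runs offline and shows exactly which argv the child receives.

```python
from __future__ import annotations

import json
import re
import subprocess
import sys
import unicodedata

# Kebab-case: lowercase alphanumerics separated by single hyphens, no leading/trailing hyphen.
KEBAB_RE = re.compile(r"^[a-z0-9]+(?:-[a-z0-9]+)*$")


def is_kebab_case(name: str) -> bool:
    """True only if the whole string matches the kebab-case grammar."""
    return bool(KEBAB_RE.fullmatch(name))


def slugify(value: str) -> str:
    """Reduce arbitrary text to a kebab-case slug: ASCII-fold, lowercase,
    collapse every run of non-alphanumerics to one hyphen, trim hyphens.
    Shell metacharacters and path separators cannot survive this."""
    ascii_text = unicodedata.normalize("NFKD", value).encode("ascii", "ignore").decode("ascii")
    slug = re.sub(r"[^a-z0-9]+", "-", ascii_text.lower()).strip("-")
    if not slug:
        raise ValueError("input contains no usable characters")
    return slug


def safe_name(value: str) -> str:
    """Accept the value unchanged if it is already kebab-case, otherwise slugify it."""
    return value if is_kebab_case(value) else slugify(value)


def build_scaffold_command(company: str, product: str) -> list[str]:
    """Build argv for the scaffolding tool. 'onebase-cli' is the tool named in the audit;
    the 'scaffold' subcommand and '--company'/'--product' flags are hypothetical."""
    return [
        "onebase-cli",
        "scaffold",
        "--company", safe_name(company),
        "--product", safe_name(product),
    ]


def argv_as_seen_by_child(args: list[str]) -> list[str]:
    """Run a child process with an argument list (no shell=True) and return the argv
    it actually received. The child is this interpreter so the demo needs no external tool.
    Even an unsanitized 'foo; rm -rf /' arrives as one literal argument, because no shell
    ever parses the command line."""
    proc = subprocess.run(
        [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))", *args],
        capture_output=True,
        text=True,
        check=True,
    )
    return json.loads(proc.stdout)


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one attempting shell injection, one path traversal.
    for raw in ["my-app", "Acme Corp", "foo; rm -rf /", "../../etc/passwd"]:
        print(f"{raw!r:24} -> {safe_name(raw)!r}")
    print(build_scaffold_command("Acme Corp", "my-app"))
    print(argv_as_seen_by_child(["--name", "foo; rm -rf /"]))
```

The two layers are independent: validation/slugification constrains what the names can contain, and the argument-list call guarantees that, even if a metacharacter did slip through, the operating system passes it to onebase-cli as data rather than handing it to /bin/sh. Path traversal is handled by the same slugify step, since "/" and "." are collapsed into hyphens.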
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 10:33 AM