
app-icon

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's setup instructions (Step 0) explicitly direct the agent to ask the user for an OpenAI API key (starting with 'sk-') and then configure it using a CLI command. This practice exposes sensitive credentials in the agent's interaction logs and process history.
  • [EXTERNAL_DOWNLOADS]: The skill relies on 'npx snapai', which downloads and executes code from the npm registry at runtime. This package is not provided by a trusted organization or well-known service, posing a risk of executing unverified code.
  • [COMMAND_EXECUTION]: The workflow requires executing multiple shell commands, including 'brew install imagemagick' for system-level software installation and 'npx expo prebuild', which can have broad impacts on the local development environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. 1. Ingestion points: 'app.json' (Step 1) and the output of 'npx snapai config --show' (Step 0). 2. Boundary markers: absent. 3. Capability inventory: significant, including file system access ('mkdir', 'cp', 'cat'), network access ('npx'), and system commands ('brew', 'magick'). 4. Sanitization: absent. Malicious content in the processed configuration files or command outputs could manipulate the agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 15, 2026, 03:50 PM