skills/code-with-beto/skills/app-icon/Gen Agent Trust Hub

app-icon

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (MEDIUM): The skill explicitly instructs the agent to ask the user for an OpenAI API key (noting it 'starts with sk-') and then pass it to a CLI tool via a command-line argument ('snapai config --api-key'). This brings raw secrets into the agent's context and process memory, and may leave them in the shell's command history.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on 'npx snapai', which downloads and executes an unverified third-party package from the npm registry. This presents a risk of a supply chain attack or execution of malicious code if the package is not maintained or is compromised.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The usage of 'npx' to execute unverified code at runtime constitutes a remote code execution surface. Additionally, the skill suggests installing system-level software using 'brew install imagemagick'.
  • [COMMAND_EXECUTION] (LOW): The skill performs extensive shell operations including directory creation ('mkdir'), file copying ('cp'), image manipulation ('convert', 'sips'), and project configuration updates ('app.json').
  • [PROMPT_INJECTION] (LOW): The skill contains instructions for the agent to 'Read the app.json to understand the app name'. If the app.json file is sourced from an untrusted third party, it could contain indirect prompt injection patterns designed to influence the agent's subsequent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:51 PM