Skills
skills/cognitedata/builder-skills/setup-dune-auth/Gen Agent Trust Hub

setup-dune-auth

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs official vendor packages including @cognite/dune, @cognite/sdk, and @cognite/app-sdk, along with well-known community libraries like @tanstack/react-query and vite-plugin-mkcert from the public npm registry.
  • [COMMAND_EXECUTION]: Uses the Bash tool to perform package installations (npm, yarn, or pnpm) and to execute configuration tasks within the project directory.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface by reading and acting upon untrusted project data (e.g., app.json, package.json).
  • Ingestion points: Reads configuration and source files including app.json, package.json, src/main.tsx, and vite.config.ts.
  • Boundary markers: None; the agent processes the raw content of these files to determine the setup flow.
  • Capability inventory: High-privilege tools including Bash, Write, and Edit are available to the agent after processing the input.
  • Sanitization: None; the skill assumes project files are safe to interpret for logic decisions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 02:37 PM