app-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to process natural language requests from users to plan and execute complex tasks. It lacks explicit boundary markers or instructions to disregard malicious commands embedded within user input.
      • Ingestion points: Processes natural language user requests to determine project structure and tech stacks.
      • Boundary markers: Absent. There are no instructions to differentiate between user intent and malicious instructions.
      • Capability inventory: Includes Bash, Write, Edit, and Agent tools. This provides the agent with the ability to execute arbitrary shell commands and modify the filesystem.
      • Sanitization: Absent. There is no logic provided to filter or escape user input before it influences tool usage.
  • Command Execution (HIGH): The skill is granted Bash tool access. While necessary for its stated purpose of building applications, this capability can be weaponized if a user provides a request containing malicious shell commands that the agent then executes during the 'scaffolding' or 'feature building' phases.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:11 PM