backend-integration
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones a reference repository from GitHub (customware-ai/template-be-setup.git) to provide the baseline for the backend integration. This repository is managed by the skill's author and hosted on a well-known service.
- [REMOTE_CODE_EXECUTION]: The workflow involves replacing local configuration files and runtime scripts (package.json) with content retrieved from the remote repository and subsequently executing those scripts using npm.
- [COMMAND_EXECUTION]: The skill utilizes system tools including git for repository cloning, npm for package management and script execution, and test runners such as Vitest and Playwright. It also interacts with SQLite databases via better-sqlite3.
- [PROMPT_INJECTION]: The skill introduces a surface for indirect prompt injection by replacing the project's primary instruction file (AGENTS.md) with a version fetched from a remote repository.
  - Ingestion points: The AGENTS.md file sourced from the customware-ai/template-be-setup repository (Step 5 of the Required Step Order).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the remote AGENTS.md content as untrusted data.
  - Capability inventory: The agent has extensive capabilities including filesystem modification, shell command execution (git, npm, npx), and network access.
  - Sanitization: The skill adopts the remote instructions directly without filtering or verification.
Audit Metadata