d6e-app-development
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a framework for 'Indirect Prompt Injection' where app manifests include a
template_promptfield that is injected into the agent's system context. - Ingestion points:
template_promptfield in thetemplate.yamlmanifest file. - Boundary markers: The documentation specifies that prompts from different apps are automatically separated by headers in the format
## APP: namespace/name@version. - Capability inventory: The apps created via this skill have access to JavaScript execution, Docker container execution, and external HTTP network operations.
- Sanitization: The skill provides remediation guidance, instructing developers to review prompts to ensure they do not harm user data or bypass confirmation steps.
- [COMMAND_EXECUTION]: Describes the use of State Transition Functions (STFs) that execute custom logic using JavaScript or WebAssembly runtimes.
- [REMOTE_CODE_EXECUTION]: Facilitates the execution of remote code by allowing the definition of Docker-based STFs that pull images from registries such as GitHub Container Registry (ghcr.io).
- [DATA_EXFILTRATION]: Outlines the creation of 'Effects' and 'Workflows' capable of performing network operations, such as sending data to Slack webhooks or fetching from external REST APIs.
Audit Metadata