server-action-builder

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides a robust architectural pattern for server actions that prioritizes security. It mandates the use of getSession() for authentication and Zod for input validation before any database operations are performed. It also encourages the use of the standard Supabase client to ensure that Row Level Security (RLS) policies are respected, reducing the risk of unauthorized data access.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through the ingestion of a user-provided feature name.
    • Ingestion points: The [feature-name] argument in SKILL.md is interpolated into filenames, class names, and function names.
    • Boundary markers: Present; the skill uses Markdown code blocks to separate instructional text from the generated code templates.
    • Capability inventory: The skill is designed to guide the agent in generating and writing boilerplate files to the filesystem.
    • Sanitization: The skill does not explicitly specify sanitization or validation rules for the input string within the templates themselves, relying on the agent's general safety protocols.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 11:14 PM