datahub-mfe-create-app

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands such as npm install and npm start within the newly created application directory.
  • [EXTERNAL_DOWNLOADS]: Dependencies are fetched from the public npm registry during the npm install process. The requested packages are standard, well-known libraries for React and Webpack development.
  • [REMOTE_CODE_EXECUTION]: The skill generates project configuration and source files using templates and user-provided inputs, then executes the resulting scripts through the npm CLI. This constitutes dynamic execution of code generated at runtime.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection. Ingestion points: User input collected via AskQuestion in SKILL.md. Boundary markers: Absent. Capability inventory: Performs file writes and shell execution (npm install, npm start) as described in SKILL.md. Sanitization: Absent; user input is interpolated directly into templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 03:25 PM