app-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill automates the installation of dependencies from npm, PyPI, and Pub registries across 12 different project templates. This introduces risks associated with executing untrusted third-party code.
- REMOTE_CODE_EXECUTION (MEDIUM): Templates frequently use npx and npm create (e.g., npx create-next-app, npx nuxi init) to execute remote scaffolding scripts directly from the internet.
- COMMAND_EXECUTION (MEDIUM): High-privilege Bash access is used to run installation, build, and development commands. If a user provides a malicious project name or feature request, it could potentially result in command injection.
- PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface (Category 8).
  1. Ingestion point: User requests in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Bash, Write, Edit, Glob, Grep, Agent.
  4. Sanitization: Absent.
  This allows untrusted user input to influence high-impact shell commands and file modifications.