app-builder
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill and its templates follow standard software development practices for project initialization and do not contain malicious instructions or hidden code.
- [COMMAND_EXECUTION]: The skill utilizes standard package managers and initialization tools such as npm, pip, and npx for scaffolding frameworks like Next.js, Nuxt, and FastAPI.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user natural language requests to determine project structure. While this represents a surface for indirect prompt injection, the orchestrated multi-agent pipeline and predefined templates act as structural guardrails.
  - Ingestion points: user request input described in SKILL.md
  - Boundary markers: not explicitly defined
  - Capability inventory: Bash, Write, Edit, Agent (SKILL.md)
  - Sanitization: not explicitly documented
  - Severity: SAFE