Skills
NYC
skills/duc01226/easyplatform/web-frameworks/Gen Agent Trust Hub

web-frameworks

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill demonstrates data fetching from external APIs (Pattern 3: Optimized Data Fetching), which creates a surface for indirect prompt injection if the API-controlled data contains malicious instructions.
  • Ingestion points: Data fetched from https://api.example.com/posts/${slug} in app/posts/[slug]/page.tsx.
  • Boundary markers: Absent; fetched content is used directly in the template.
  • Capability inventory: Subprocess execution via npx, npm, and python scripts.
  • Sanitization: No sanitization or validation of the fetched JSON content is demonstrated.
  • External Downloads (LOW): The setup instructions use npx and npm to download and execute code from public registries. These are standard developer tools and target well-known frameworks.
  • Command Execution (LOW): The skill provides instructions to run local Python scripts (nextjs-init.py and turborepo-migrate.py) for project automation. This is consistent with the skill's purpose but involves code execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:29 PM