create-project
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes `npx create-dzx@latest` to download and run the scaffolding tool. The source package `create-dzx` is not hosted by a recognized trusted organization, posing a risk of executing unverified third-party code.
- COMMAND_EXECUTION (LOW): The instructions include multiple shell commands (`dzx init`, `dzx validate`, `dzx inspect`, `dzx dev`, `dzx build`) used for project lifecycle management.
- REMOTE_CODE_EXECUTION (MEDIUM): Running `npx` with `@latest` downloads and executes code from a remote registry at runtime. This allows for the execution of potentially modified or malicious code if the registry or package is compromised.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted user input to define project architecture and manifest settings.
  - Ingestion points: User-provided purpose, workflows, and constraints in Step 1.
  - Boundary markers: Absent; there are no instructions to the agent to treat user input as data rather than instructions.
  - Capability inventory: File system writes (scaffolding), network access (`npx`), and arbitrary command execution (`dzx dev`/`build`).
  - Sanitization: Absent; the skill does not mention escaping or validating user inputs before interpolating them into the project structure or manifest.
Audit Metadata