web-app-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The workflow executes 'npm install' and 'npm run build', which can run arbitrary scripts defined in the project's package.json file.
- EXTERNAL_DOWNLOADS (LOW): The skill documentation suggests using npm to download third-party packages from the public npm registry.
- DATA_EXFILTRATION (MEDIUM): Project artifacts are bundled into a ZIP file and uploaded to api.rebyte.ai via curl, representing a data transfer to an external service not on the trusted list.
- PROMPT_INJECTION (LOW): The skill processes user-provided web application code, which presents a surface for indirect prompt injection. Evidence: (1) Ingestion point: Web application source files. (2) Boundary markers: None specified. (3) Capability inventory: npm execution and curl network operations. (4) Sanitization: No sanitization of ingested code is described.