electron-base
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructional rules intended to steer the AI agent toward generating secure code (e.g., enforcing context isolation and discouraging hardcoded keys). These instructions are safety-enhancing and do not attempt to bypass agent security filters or override fundamental system prompts.
- [DATA_EXFILTRATION]: The provided templates use machine-unique identifiers to derive encryption keys for local storage, which is a significant improvement over hardcoded secrets. Network requests in the authentication handlers use placeholder URLs (e.g., 'your-api.example.com') and follow standard security patterns for token exchange and session validation.
- [EXTERNAL_DOWNLOADS]: The skill references well-known and trusted Node.js packages (e.g., electron, electron-store, vite) for project initialization. It does not contain any patterns for downloading or executing scripts from untrusted remote sources.
- [COMMAND_EXECUTION]: The templates demonstrate safe usage of Electron's shell API (e.g., opening external links in the system browser) and specific IPC handlers. These implementations follow the principle of least privilege and prevent common vulnerabilities like arbitrary code execution from the renderer process.
Audit Metadata