stream-builder
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill scaffolds projects using well-known tools like shadcn/ui and installs official Stream SDKs via npm. It also allows for optional installation of markdown-only skill packs from trusted GitHub organizations (Vercel Labs and Anthropic) only after explicit user consent.
- [COMMAND_EXECUTION]: Automates the development workflow by executing shell commands to initialize project directories, manage dependencies, and launch a local development server.
- [CREDENTIALS_UNSAFE]: Implements secure handling of API keys by using a local CLI to write them directly to a .env file. It includes safety checks to ensure the .env file is gitignored and instructs the agent to avoid reading these secrets directly.
- [REMOTE_CODE_EXECUTION]: While the skill executes remote code through package managers and scaffolding tools, all sources are verified as well-known technology providers or trusted organizations.
Audit Metadata