web-frameworks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE; EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation instructs the user/agent to use `npx` and `npm` to fetch and run scaffolding tools like `create-next-app` and `create-turbo`. Since these tools are maintained by Vercel (a trusted organization), the severity is downgraded to LOW per the [TRUST-SCOPE-RULE].
- [COMMAND_EXECUTION] (LOW): The `SKILL.md` file references Python utility scripts (`nextjs-init.py` and `turborepo-migrate.py`) for project initialization and migration tasks. These scripts were missing from the uploaded file set, preventing a thorough security audit of their internal command-construction logic and subprocess handling.
- [REMOTE_CODE_EXECUTION] (LOW): The pattern of executing tools via `npx` involves fetching and running code from a remote registry at runtime. While the packages mentioned are standard and reputable, the mechanism remains a vector for remote code execution.
- [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface as it accepts user-provided parameters (such as project names or paths) that are passed to CLI scripts.
  - Ingestion points: CLI arguments in `SKILL.md` used by the initialization scripts.
  - Boundary markers: Absent in provided documentation.
  - Capability inventory: Project scaffolding, file system writes, and potential shell command execution.
  - Sanitization: Unverifiable due to the missing source code for the referenced Python scripts.