android-store-listing
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to execute a local Python script (scripts/generate-feature-graphic.py) using user-provided inputs (app_name, tagline, primary_color) without explicit sanitization or boundary markers.
  - Ingestion points: Inputs defined in the skill frontmatter (app_name, tagline, primary_color, description) are processed at runtime.
  - Boundary markers: No delimiters or safety instructions are used to separate user data from the command execution in Step 2, Option C.
  - Capability inventory: The skill utilizes shell command execution (via python3, bundle exec fastlane, and standard Unix utilities) and filesystem access (mkdir, cp, ls).
  - Sanitization: There is no evidence of sanitization or validation of the input strings before they are passed as arguments to the Python script.
Audit Metadata