Skills
skills/jackiexiao/01mvp-finance/setup-finance-app/Gen Agent Trust Hub

setup-finance-app

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes system-level commands including gh repo clone, pnpm install, and kill -9. The latter is used to terminate processes bound to port 3000 during troubleshooting.
  • [EXTERNAL_DOWNLOADS]: It clones the application source code from the author's public GitHub repository (jackiexiao/01mvp-finance) using the GitHub CLI.
  • [REMOTE_CODE_EXECUTION]: By invoking pnpm install and pnpm run dev, the skill executes arbitrary code and scripts defined in the cloned external repository.
  • [CREDENTIALS_UNSAFE]: The setup process requires the user to place a .env.local file containing database connection strings and secret keys into the project directory.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by downloading and reading content from an external repository. Ingestion points: gh repo clone (SKILL.md). Boundary markers: Absent. Capability inventory: pnpm, kill, git, gh (SKILL.md). Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 10:02 AM