skills/jarmen423/skills/app-builder/Gen Agent Trust Hub

app-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The project templates (e.g., templates/python-fastapi/TEMPLATE.md, templates/express-api/TEMPLATE.md) instruct the agent to install third-party packages from public registries such as npm and PyPI without version pinning. While these are common development dependencies, unversioned installations present a minor supply chain risk.
  • COMMAND_EXECUTION (LOW): The skill is authorized to use high-privilege tools like Bash and provides specific instructions for executing shell commands to initialize projects, run migrations, and start local servers. This is consistent with its primary purpose of application scaffolding but represents a capability that must be monitored. Evidence includes commands like 'uvicorn app.main:app --reload' and 'npx prisma init'.
  • PROMPT_INJECTION (LOW): The skill's primary function involves analyzing natural language requests to generate project plans and source code, creating a surface for Indirect Prompt Injection (Category 8).
      1. Ingestion points: Natural language requests processed by the 'Project Planner'.
      2. Boundary markers: Absent in the provided skill instructions.
      3. Capability inventory: Significant privilege including Bash, Write, and Agent tool access.
      4. Sanitization: No explicit sanitization or validation of user-provided content is defined in the skill logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:34 PM