wpf-mvvm-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill performs legitimate code scaffolding for WPF applications using the CommunityToolkit.Mvvm library. All logic is transparent and follows standard development practices.\n- [DATA_EXPOSURE & EXFILTRATION] (SAFE): Filesystem access is limited to the local project directory for scaffolding purposes (using Read, Glob, Write, and Edit). No evidence of unauthorized data access or external transmission was found.\n- [COMMAND_EXECUTION] (SAFE): The skill does not execute shell commands, external binaries, or subprocesses.\n- [INDIRECT_PROMPT_INJECTION] (LOW): A vulnerability surface exists where user input and local file data are ingested into the prompt context for code generation.\n
- Ingestion points: Entity name from $ARGUMENTS[0] and existing project files read via Glob and Read.\n
- Boundary markers: No specific delimiters or safety warnings are present in the code templates.\n
- Capability inventory: The skill has Write and Edit capabilities to create C# and XAML files.\n
- Sanitization: The skill mitigates risks by explicitly validating the entity name for PascalCase, C# reserved words, and special characters before generation.\n- [EXTERNAL_DOWNLOADS] (SAFE): The skill does not download or execute remote scripts or packages.
Audit Metadata