vite-flare-starter
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as `git clone`, `pnpm install`, and `wrangler` for project initialization and deployment. These are standard operations for a scaffolding tool.
- [EXTERNAL_DOWNLOADS]: Fetches a project template from the author's GitHub repository and installs dependencies from official registries. The repository `github.com/jezweb/vite-flare-starter.git` is a vendor-owned resource.
- [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection where user-provided inputs are interpolated into shell commands.
  - Ingestion points: Project name and description are requested from the user during the initial workflow step (SKILL.md).
  - Boundary markers: No specific delimiters are used to wrap user-provided strings when they are used in commands.
  - Capability inventory: The skill utilizes shell execution (`wrangler`, `git`, `pnpm`) and file system modification tools.
  - Sanitization: No explicit sanitization is described, although the skill advises using internal edit tools as a safer alternative to shell commands for string replacement.
Audit Metadata