tanstack-start

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: In flows/setup/FLOW.md, the skill instructs the agent to execute a shell command incorporating a user-provided URL (<preset-url>) via bunx --bun shadcn@latest create. This pattern is susceptible to command injection if the input is not strictly validated or sanitized by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill triggers numerous package installations from the NPM registry and involves downloading configuration from a dynamic user-specified URL during the shadcn/ui setup phase.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) by ingesting untrusted data (the shadcn preset URL) and using it in a command-line capability. Evidence:
      1. Ingestion point: flows/setup/FLOW.md Step 14 (user input).
      2. Boundary markers: Absent.
      3. Capability inventory: bunx subprocess call.
      4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 02:51 PM