sealos-app-builder
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to install the Sealos SDK using package managers like
pnpm,npm, oryarn. These commands target the@labring/sealos-desktop-sdkpackage, which is an official resource owned by the skill's authoring vendor. - [EXTERNAL_DOWNLOADS]: Recommends the installation of the
@labring/sealos-desktop-sdklibrary. This is a standard dependency for developing Sealos applications and originates from a trusted vendor source. - [PROMPT_INJECTION]: The skill workflow involves an indirect prompt injection surface because it requires the agent to read and analyze untrusted local repository source code to determine how to adapt the app.
- Ingestion points: The agent reads local repository files, specifically searching for
packages/client-sdk,providers/directories, and existing root components as described inSKILL.md. - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following malicious instructions that might be embedded within the project files it analyzes.
- Capability inventory: The agent has the capability to modify project files and execute terminal commands for package installation and project initialization.
- Sanitization: No sanitization or validation of the content read from the repository is performed before the agent uses it to make implementation decisions.
Audit Metadata