Skills
skills/laguagu/claude-code-nextjs-skills/ai-app/Gen Agent Trust Hub

ai-app

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using bun and bunx to initialize projects and install dependencies (e.g., bunx --bun shadcn@latest create, bun add ai). These are standard operations for a code generation skill.- [EXTERNAL_DOWNLOADS]: Fetches configuration and project presets from ui.shadcn.com and downloads the ai-elements package. These sources are well-known technology services and the downloads are necessary for the skill's primary function.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests user-provided descriptions and app types to generate project code and run scaffolding commands.
  • Ingestion points: User-supplied app-type and description in SKILL.md.
  • Boundary markers: Not present; the user input is used directly to determine project requirements.
  • Capability inventory: Subprocess execution via bunx and bun for project setup and development server management.
  • Sanitization: Not present; the skill relies on the agent's internal reasoning to interpret user requirements safely.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 07:57 PM