ln-722-backend-generator
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes 'dotnet build' in Phase 5 to verify that the generated C# solution compiles correctly without errors. This is a routine operation for development-oriented skills.
- [EXTERNAL_DOWNLOADS]: Downloads reference templates and configuration files from the author's GitHub repository (github.com/levnikolaevich/claude-code-skills) using WebFetch when local files are missing. These resources are vendor-owned and consistent with the skill's purpose.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting untrusted inputs (entity names, project names, and features), which are then interpolated into generated C# files and folder names. Evidence: ingestion points in SKILL.md (Phase 1); the capability inventory includes file-write and 'dotnet build'; no explicit boundary markers or sanitization logic are documented to prevent malicious payloads in entity names from affecting the generated source code.