appfactory-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Finding categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill clones the untrusted repository 'github.com/MeltedMindz/AppFactory'. This source is not within the trusted list, making any subsequent execution hazardous.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill executes scripts from the cloned repository, specifically 'bash deploy.sh'. It also uses 'npx create-next-app' which fetches and executes remote packages.
- [COMMAND_EXECUTION] (HIGH): The skill performs numerous system-level commands including 'npx', 'npm', and 'git' which can lead to system compromise if the cloned repository contains malicious instructions or code.
- [PROMPT_INJECTION] (HIGH): Category 8 finding: (1) Ingestion points: user-provided app descriptions drive the 'One prompt -> live URL' workflow. (2) Boundary markers: none identified in the provided skill files. (3) Capability inventory: 'npx', 'npm run build', 'npx vercel', and 'bash' scripts (file write, network access, execution). (4) Sanitization: none identified. Together these create a high-risk surface for indirect prompt injection, where malicious input could influence the generated code that is subsequently built and deployed to production.
- [COMMAND_EXECUTION] (MEDIUM): The HEARTBEAT.md file attempts to establish recurring tasks (weekly builds, monthly checks), which modifies the agent's long-term behavior and could lead to unauthorized background actions such as social media posting.
Recommendations
- AI detected serious security threats
Audit Metadata