integrate-backend
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Command Execution: The skill runs local Node.js scripts and operating system commands to perform site analysis and open the generated implementation plan. While this involves executing code on the system, the operations are restricted to the local environment and are required for the skill's core functionality of exploring site state and visualizing plans.
- Data Exploration: The agent scans project configuration files and source code to detect existing backend patterns. Accessing local files is a security consideration, but in this context, it is used to ensure new integrations are compatible with the existing site structure and security roles.
- Indirect Prompt Injection Surface: The skill processes user-supplied requirements and local file content to generate recommendations. This creates a surface for potential indirect prompt injection from external project data, although the risk is minimized as the skill is designed to categorize requirements and route them to other internal implementation skills.
Audit Metadata