budge
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to add a script tag to the project's layout that fetches a remote JavaScript bundle (
budge.iife.js) from the developer's domain (budge.designorskills-pearl.vercel.app). This script provides the client-side logic for the design widget and is a standard delivery mechanism for the tool's runtime. - [COMMAND_EXECUTION]: The agent uses standard file modification techniques (
StrReplace) to inject script tags and configuration data into the project's layout file (app/layout.tsx). These actions are necessary for the tool's integration and do not involve unauthorized shell command execution. - [SAFE]: No malicious patterns such as prompt injection, data exfiltration, or unauthorized privilege escalation were detected. The skill uses established development patterns for Next.js applications and relies on legitimate, specialized UI/UX libraries.
Audit Metadata