companion-project-creator
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for project scaffolding and verification, including ecosystem-specific tools like composer, npm, pip, and go.
- [REMOTE_CODE_EXECUTION]: The 'Verification Workflow' mandates the execution of generated code and unit tests on the host machine. This creates a high-risk surface for executing malicious code embedded in the source articles.
- [EXTERNAL_DOWNLOADS]: The skill utilizes package managers to download and install external dependencies from public registries during the setup phase.
Audit Metadata