add-assets
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary function is automated code refactoring and asset generation performed locally within the project directory.
- [COMMAND_EXECUTION]: The skill runs 'npm run build' to validate the generated code, which is a standard part of the development lifecycle.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted project files to drive code modification.
  1. Ingestion points: 'package.json', 'src/core/Constants.js', and 'src/entities/*.js'.
  2. Boundary markers: Absent.
  3. Capability inventory: Local file writing and subprocess execution via 'npm run build'.
  4. Sanitization: Absent.

  This surface is inherent to coding-assistant tasks and no malicious instructions were detected.
Audit Metadata