ai-web-apps
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing standard, well-known Node.js packages from established registries to support AI integration and security.
- [COMMAND_EXECUTION]: The skill implements Model Context Protocol (MCP) tool execution by spawning local processes to run server scripts via the stdio transport.
- [PROMPT_INJECTION]: The architecture includes an inherent surface for indirect prompt injection via untrusted tool outputs, which the skill addresses with specific defensive patterns.
  - Ingestion points: Data entering the agent via MCP tool results or user input.
  - Boundary markers: Recommended tagging of external content as untrusted and using instruction-hierarchy markers in system prompts.
  - Capability inventory: Model invocation via Vercel AI SDK and local command execution via the MCP SDK.
  - Sanitization: Enforces Zod schema validation for all model responses and Markdown sanitization using rehype-sanitize.
Audit Metadata