engineering-rapid-prototyper
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The scripts/scaffold.sh script automates the creation of project directories and configuration files (e.g., package.json, tsconfig.json). It uses standard shell commands like mkdir and printf to generate boilerplate code locally without performing any external downloads or piped executions.
- [EXTERNAL_DOWNLOADS]: The skill instructions and templates reference well-known and trusted technology services including Vercel, Supabase, Clerk, and Prisma. The use of npx shadcn@latest is a standard practice for the referenced UI library and does not involve untrusted remote code execution.
- [INDIRECT_PROMPT_INJECTION]: The skill provides templates for application features that process untrusted user data, which represents a potential attack surface for the developed application rather than the agent itself.
  - Ingestion points: references/code-examples.md (FeedbackForm component) and references/full-stack-integration.md (FileUpload component).
  - Boundary markers: Not applicable as these are static code templates for developer use.
  - Capability inventory: scripts/scaffold.sh (file-write) and references/code-examples.md (network fetch calls to local API routes).
  - Sanitization: The templates proactively include Zod schema validation for form inputs, which is a recommended security measure for data integrity.
Audit Metadata