fullstack-template-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted user input (project names) to perform file system operations, creating a vulnerability surface.
      • Ingestion points: User-provided 'project name' and 'target directory location'.
      • Boundary markers: Absent.
      • Capability inventory: Local directory creation and file writing operations.
      • Sanitization: Absent; the skill does not provide instructions to sanitize the user-provided project name against path traversal or malicious character sequences.
  • [Unverifiable Dependencies] (LOW): The skill generates templates that require numerous third-party packages from npm and PyPI. While the listed packages (FastAPI, React, etc.) are common, this facilitates the execution of external code on the user's machine.
  • [No Code] (INFO): The skill's logic depends on files located in a 'templates/' directory that are not included in the provided source, making the functionality unverifiable and dependent on the host environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:16 PM