popapp
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to use the `Bash` tool to execute commands using the `npx popapp *` prefix. This allows the agent to interact with the project's file system and dependencies via the vendor's CLI.
- [EXTERNAL_DOWNLOADS]: The skill utilizes `npx` to fetch and execute the `popapp` package from the npm registry. While this is a standard developer workflow, it involves downloading and running code from an external repository at runtime.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it constructs shell commands from user-provided input without explicit sanitization or boundary markers.
  - Ingestion points: User-provided component names or parameters provided when invoking the "add" or "init" functions through the CLI.
  - Boundary markers: None. There are no delimiters or specific instructions provided to the agent to treat component names as untrusted data or to ignore embedded instructions.
  - Capability inventory: The skill has the capability to execute shell commands via the `Bash(npx popapp *)` tool.
  - Sanitization: None detected. The skill instructions do not specify any validation or escaping of user input before it is interpolated into the shell command string.
Audit Metadata