riff
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands that directly interpolate user-provided text into arguments for Node.js scripts, which is vulnerable to command injection if the agent does not properly escape or sanitize the input strings.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted user requirements and uses them to generate application code. Malicious input could be used to manipulate the generation process or influence the agent's evaluation steps. Ingestion points: User requirements collected via AskUserQuestion in Step 1. Boundary markers: Not used; input is directly interpolated into shell commands. Capability inventory: Shell execution (Bash), file system access (Read, Write), and directory creation (mkdir). Sanitization: No sanitization or validation of user input is specified.
- [EXTERNAL_DOWNLOADS]: The generated application template references external JavaScript and CSS libraries from public CDNs including esm.sh, unpkg.com, and jsdelivr.net. While these are well-known technology services, the reliance on remote code at runtime constitutes a dependency on external infrastructure.
Audit Metadata