app-builder
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes the `Bash` tool to perform project setup tasks such as `npm init`, `pip install`, `npx create-next-app`, and `bench init`. This execution is a primary feature of the skill.
- EXTERNAL_DOWNLOADS (LOW): Scaffolding templates trigger downloads of third-party dependencies from public registries (NPM, PyPI) and a specific GitHub repository (frappe/frappe). Under [TRUST-SCOPE-RULE], these are considered acceptable for a development-focused skill.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its use of natural language input to drive powerful system tools.
  - Ingestion points: natural language requests described in `SKILL.md`.
  - Boundary markers: Absent; there are no instructions to delimit user input from system commands.
  - Capability inventory: Access to `Bash`, `Write`, `Edit`, and `Agent` tools provides a high impact surface area across all templates.
  - Sanitization: No evidence of input validation or command sanitization is present in the orchestration logic.