dashboard-builder
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The provided setup-and-run.sh script executes standard development commands such as npx, npm install, and npm run dev. These commands are used to initialize the project environment and start the local development server.
- [EXTERNAL_DOWNLOADS]: The skill's initialization process downloads well-known developer dependencies from the NPM registry. Additionally, the world map component references a geographic data file from the well-known cdn.jsdelivr.net service.
- [REMOTE_CODE_EXECUTION]: The automation script generates source code files (e.g., page.tsx, utils.ts) from embedded templates using shell heredocs. This code generation is a core feature of the dashboard builder and is executed within the context of the user's project setup.
- [PROMPT_INJECTION]: The skill handles untrusted data from external sources for visualization, which represents a surface for indirect prompt injection.
  - Ingestion points: Data is consumed via API fetch calls in lib/api.ts and through WebSocket updates.
  - Boundary markers: No specific prompt delimiters are implemented in the provided component templates to isolate external data.
  - Capability inventory: The skill possesses command execution capabilities specifically for environment setup.
  - Sanitization: While not explicitly coded in the boilerplate snippets, the documentation correctly identifies input validation and sanitization as essential integration steps.
Audit Metadata