dinachi-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute CLI commands such as `npx @dinachi/cli@latest add <slug>` and `test -f components.json`. These commands are used to initialize the project and add UI components as requested by the user.
- [EXTERNAL_DOWNLOADS]: The skill references the `@dinachi/cli` package, which is fetched from the NPM registry (a well-known service) at runtime when using package runner tools like `npx` or `pnpm dlx`. This is standard behavior for the tool's intended integration purpose.
- [PROMPT_INJECTION]: The skill processes user prompts through several scripts (`resolve-intent.mjs`, `suggest-components.mjs`) to map natural language to UI components. It implements sanitization (normalization and tokenization) and validates all generated recipes against a schema and a static component registry (`references/components.registry.json`), which effectively mitigates the risk of indirect prompt injection.
Audit Metadata