app-builder
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes natural language user requests to plan and build entire projects, which includes executing shell commands via the Bash tool. This architecture creates a surface for indirect prompt injection where an adversarial user could potentially trigger unintended system commands by embedding them within a project request.
- Ingestion points: Natural language user requests for application building (SKILL.md, project-detection.md).
- Boundary markers: Absent. The skill does not explicitly define delimiters to separate user intent from system instructions during the orchestration phase.
- Capability inventory: The skill has access to Bash, Write, Edit, Read, and Agent tools across all templates and coordination scripts.
- Sanitization: Absent. There is no evidence of input validation or escaping before user-derived data influences project scaffolding or agent tasks.
- Command Execution (SAFE): The skill makes extensive use of the Bash tool to perform project setup tasks. These include standard operations like npm install, npx create-next-app, and pip install. In the context of an application builder, these commands are necessary and legitimate for the skill's primary purpose.
- External Downloads (SAFE): The skill references numerous external packages and frameworks (e.g., Next.js, FastAPI, Flutter). All identified dependencies are standard, well-known libraries sourced from official package registries (NPM, PyPI, etc.). No references to unverified third-party scripts or piped remote execution (curl|bash) were found.
Audit Metadata