svelte-code-writer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill uses bunx to download and execute the @sveltejs/mcp package. This is an external dependency from an organization not on the pre-approved trusted list. The severity is lowered because the package is core to the skill's stated Svelte-specific functionality.
  • COMMAND_EXECUTION (LOW): The svelte-autofixer tool accepts code snippets or file paths as command-line arguments. This pattern is susceptible to command injection if the input is not carefully sanitized, particularly when it is passed through a shell runner such as bunx.
  • PROMPT_INJECTION (LOW): The skill exposes a surface for indirect prompt injection.
    1. Ingestion points: svelte-autofixer input in SKILL.md.
    2. Boundary markers: absent.
    3. Capability inventory: command execution via bunx.
    4. Sanitization: no automated sanitization is present; the skill relies on the user manually escaping characters.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:16 PM