app-builder

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing natural language requests to drive automated build processes.
  • Ingestion points: User requests are processed by the orchestrator (SKILL.md) and mapped to templates (project-detection.md).
  • Capability inventory: The skill has access to Bash, Write, and Edit tools to create projects and execute setup scripts (agent-coordination.md).
  • Sanitization: There is no evidence in the orchestration logic of sanitization or escaping for user-controlled variables, such as project names, before they are used in shell commands (e.g., templates/astro-static/TEMPLATE.md).
  • Boundary markers: The logic files do not include explicit instructions to distinguish between user data and system instructions.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute development commands and initialize environments.
  • Evidence: Templates across the skill (e.g., templates/python-fastapi/TEMPLATE.md and templates/express-api/TEMPLATE.md) contain commands for environment setup, package installation, and local linking.
  • Context: While these operations are essential to the skill's purpose, they represent a vector for executing commands derived from potentially malicious user input.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 05:40 PM