favicon
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `magick` for image processing and standard filesystem tools like `cp` and `mkdir`. It follows security best practices by using shell quoting (`"$1"`) for user-provided input paths, which helps prevent command injection.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection (Category 8).
- Ingestion points: The skill reads application metadata from project files including `package.json`, `site.webmanifest`, and `config/application.rb` (Step 3).
- Boundary markers: The instructions do not specify any delimiters or boundary markers to differentiate untrusted project data from the skill's own logic.
- Capability inventory: The skill has broad capabilities to modify project source code (e.g., Rails `application.html.erb` and Next.js `layout.tsx`) and execute shell commands (Step 7).
- Sanitization: The skill lacks requirements for sanitizing or escaping the extracted application name before it is interpolated into TypeScript metadata or HTML tags. A maliciously crafted project name could potentially result in code injection or malformed layout files during the update process.
Audit Metadata