create-sunpeak-app
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to clone project templates and reference code from the official Sunpeak-AI GitHub repository. This is a standard and safe procedure for developer frameworks.
- [COMMAND_EXECUTION]: The documentation includes standard CLI commands (sunpeak dev, sunpeak build, sunpeak start) used for local development, production builds, and testing of applications.
- [PROMPT_INJECTION]: The framework implements context synchronization hooks such as
useUpdateModelContextanduseAppState. Ingestion points: Data enters the context via theuseToolDatahook (SKILL.md). Boundary markers: Not explicitly specified in the framework instructions. Capability inventory: The framework includes hooks for calling server tools, sending messages, and downloading files (SKILL.md). Sanitization: The skill promotes the use of Zod schemas for validating tool inputs (SKILL.md). - [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were identified. The skill outlines a legitimate and expected development workflow for building Model Context Protocol applications.
Audit Metadata