app-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it transforms untrusted user natural language requests into project plans and shell commands.
  * Ingestion points: User requests are processed by SKILL.md and project-detection.md.
  * Boundary markers: Absent; there are no instructions to delimit or ignore instructions within user input.
  * Capability inventory: The skill has access to Bash, Write, Edit, and Agent tools, allowing for file modification and command execution.
  * Sanitization: None; user input is used directly to determine project paths and scaffolding steps.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform project initialization and dependency management. Findings include the use of npm install and npx in files such as templates/nextjs-fullstack/TEMPLATE.md and templates/nuxt-app/TEMPLATE.md, as well as pip install in templates/python-fastapi/TEMPLATE.md. These operations target well-known frameworks and official package registries.
Audit Metadata