Skills
skills/tapcartinc/tapcart-agent-skills/tapcart-project/Gen Agent Trust Hub

tapcart-project

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell commands to manage the development environment, including node, npm, and the tapcart CLI. These are used for version checking, package installation, project scaffolding, and running a local development server.
  • [EXTERNAL_DOWNLOADS]: Downloads and installs the @tapcart/tapcart-cli and @tapcart/tapcart-app packages from the npm registry. These are official vendor resources used for project setup and management.
  • [PROMPT_INJECTION]: The skill ingests and processes content from local project files and command outputs, which presents a surface for indirect prompt injection.
  • Ingestion points: Reads the tapcart.config.json file, as well as output from the tapcart lint and tapcart log commands.
  • Boundary markers: No specific delimiters or instructions are used to isolate ingested data from the agent's internal logic.
  • Capability inventory: The agent has access to shell execution (npm, tapcart, node) and file system access within the project directory.
  • Sanitization: No explicit sanitization or validation of the ingested file content or log output is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 04:49 PM