cc4d
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes several local bash scripts (scripts/progress.sh, scripts/01-check-environment.sh, scripts/02-verify-deploy.sh) to manage the wizard's state machine and verify environment readiness. These are integral to the skill's primary function.
- [EXTERNAL_DOWNLOADS] (LOW): The skill downloads and executes remote code via npx create-next-app and installs the agentation package from npm. While these are external dependencies from non-whitelisted sources, they are standard tools for the development workflow described.
- [PROMPT_INJECTION] (LOW): (Indirect) The skill uses WebFetch in steps/03-gather-idea.md to analyze user-provided reference URLs. This is an indirect injection surface where a malicious site could attempt to influence the agent's code generation.
  - Ingestion points: steps/03-gather-idea.md (WebFetch tool).
  - Boundary markers: Absent; the instructions do not specify delimiters for the fetched content.
  - Capability inventory: Full shell execution, package installation, and automated deployment via Vercel.
  - Sanitization: None; the agent is instructed to extract patterns and use them directly to guide the build.
- [DYNAMIC_EXECUTION] (LOW): In steps/04-scaffold-and-build.md, the agent dynamically generates React components (app/agentation-wrapper.tsx) and modifies existing files. This is consistent with the primary purpose of a code-generation assistant.
Audit Metadata