create-app-design
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection to execute 'pwd' and 'ls' for project structure and environment discovery. These commands are used legitimately to establish execution context.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it reads and processes untrusted codebase data.
  - Ingestion points: Ingests user-provided arguments and local codebase content via Read, Glob, and Grep tools.
  - Boundary markers: Lacks explicit markers to distinguish between data and instructions during analysis.
  - Capability inventory: Possesses file write capabilities (Write, MultiEdit, and TodoWrite) to modify rule files that govern future agent behavior.
  - Sanitization: Does not perform validation or sanitization on the data extracted from the analyzed codebase.
Audit Metadata