create-tech-stack
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (e.g., !pwd, !node --version) and the Bash tool to execute shell commands to gather project metadata and verify environment configurations.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by reading and processing codebase files.
  - Ingestion points: Reads configuration files including package.json, tsconfig.json, and prisma/schema.prisma.
  - Boundary markers: Absent; no specific delimiters are used to wrap or isolate content read from files.
  - Capability inventory: Includes Bash command execution and file writing via Write, MultiEdit, and TodoWrite.
  - Sanitization: Absent; the skill does not validate or sanitize file contents before incorporating them into its logic or output.