marketplace-scaffold
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- External Template Retrieval: The skill utilizes the shadcn CLI to fetch and install project components from marketplace-sdk.sitecorecloud.io. These templates are used to initialize the application architecture and integrate SDK modules for XM Cloud and AI features.
- Environment Variable Management: Includes templates for .env.local files to guide users in configuring application secrets, such as Auth0 credentials and App IDs. The use of placeholders and the recommendation to use .env.local aligns with standard practices for secure secret management during local development.
- Automated Project Scaffolding: Employs npx to execute project initialization tools like create-next-app and the shadcn registry. This automates the setup of the Next.js environment and required dependencies.
- Input Interpolation Surface: The skill interpolates user-provided application names into shell commands (e.g., npx create-next-app@latest <app-name>). This is a common pattern in scaffolding tools that represents a potential injection surface if input is not handled carefully, though it is used here within its intended administrative context.
Audit Metadata