marketplace-scaffold

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Remote Configuration Fetching: The skill uses npx shadcn@latest add to download and apply project templates from https://marketplace-sdk.sitecorecloud.io/r/. This is a standard method for distributing and installing component-based SDKs and architectural scaffolds.
  • Project Initialization Commands: The skill executes CLI commands such as npx create-next-app and npm run dev. These are routine commands used in modern web development to bootstrap and test local environments.
  • Environment Variable Templating: The skill provides a reference for setting up .env.local files. It correctly uses placeholders for sensitive data (e.g., your-auth0-client-secret) and provides instructions for generating secure secrets locally using standard tools like openssl.
  • Content Security Policy Configuration: The skill proactively suggests a security header configuration in next.config.ts to restrict iframe embedding to authorized Sitecore domains, demonstrating a security-conscious approach to application setup.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 06:45 PM