app-builder

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill documentation includes instructions to install various third-party libraries and frameworks (e.g., Next.js, FastAPI, Prisma, Stripe). These are standard tools but involve fetching code from external repositories (NPM, PyPI, Maven).
  • COMMAND_EXECUTION (LOW): The app-builder is granted the Bash tool. It uses this to run initialization commands like npx create-next-app, npm install, and pip install. There is a potential risk of command injection if user-supplied parameters like project names or feature descriptions are not properly sanitized by the agent before being passed to the shell.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted user data to drive high-privilege tool execution.
      ◦ Ingestion points: User natural language requests are the primary input for determining project scope, names, and tech stacks (e.g., SKILL.md, project-detection.md).
      ◦ Boundary markers: Absent; the skill lacks explicit delimiters or instructions to treat user-provided feature descriptions as data rather than instructions.
      ◦ Capability inventory: Access to Bash, Write, Edit, and Agent tools across multiple files.
      ◦ Sanitization: Absent; the skill does not provide logic or instructions for the agent to validate or escape user input before using it in file creation or command-line templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 02:50 PM