create-voltagent
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes `npm create voltagent-app@latest` and installs multiple packages under the `@voltagent/` scope. Since the VoltAgent organization is not on the trusted list, these dependencies are considered unverifiable.
- REMOTE_CODE_EXECUTION (MEDIUM): The command `npm create voltagent-app@latest` fetches and runs code from the npm registry. This is a high-privilege action that executes arbitrary code from the package's binary script.
- COMMAND_EXECUTION (LOW): Multiple shell commands are suggested for project setup, directory creation, and starting local development servers (`npm run dev`, `mkdir`, etc.).
- CREDENTIALS_UNSAFE (LOW): The skill prompts users to enter and store provider API keys (OpenAI, Anthropic, etc.) in a local `.env` file. While typical for development, it requires the user to manage these secrets securely.
- PROMPT_INJECTION (LOW): Category 8 (Indirect Prompt Injection) vulnerability surface detected:
  1. Ingestion points: `location` parameter in `weatherTool` and input object in `expenseApprovalWorkflow`.
  2. Boundary markers: Absent in the provided templates.
  3. Capability inventory: Local tool execution and workflow orchestration.
  4. Sanitization: Uses Zod for schema validation and structured data parsing.
Audit Metadata