app-builder
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for standard development setup tasks such as package installation (
npm install,pip install) and project scaffolding (npx create-next-app). These operations are essential to its function and aligned with its stated purpose. - [PROMPT_INJECTION]: The skill uses specific instructional markers (e.g., 'Selective Reading Rule') and includes a mandatory 'PLAN VERIFICATION' checkpoint. While it processes natural language inputs, its orchestrated pipeline includes a 'Security Auditor' agent to review code, which is an architectural safety measure.
- [SAFE]: The project templates include documentation for required environment variables (e.g.,
STRIPE_SECRET_KEY,CLERK_SECRET_KEY,DATABASE_URL). These are listed as configuration placeholders for the generated applications and do not contain hardcoded or leaked secrets.
Audit Metadata