weaverse-integration
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs official vendor packages (@weaverse/hydrogen) using the project's preferred package manager.
- [COMMAND_EXECUTION]: Uses shell commands to inspect package.json and run local helper scripts (scripts/*.mjs) for documentation retrieval.
- [PROMPT_INJECTION]: As the skill reads existing project files to guide integration, it is vulnerable to indirect prompt injection from adversarial content within the analyzed codebase.
- Ingestion points: Reads package.json, app/root.tsx, and route files.
- Boundary markers: None present.
- Capability inventory: File system read/write and command execution.
- Sanitization: None.
Audit Metadata