skills/yugasun/skills/dev-web/Gen Agent Trust Hub

dev-web

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on shell commands via bun and bunx to initialize projects and manage dependencies. This creates an attack surface where a malicious prompt could potentially lead the agent to execute arbitrary commands on the host system.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs unversioned downloads and execution of remote code from the npm registry using bunx --bun shadcn@latest init. This is vulnerable to supply chain attacks if the package or registry is compromised.
  • [PROMPT_INJECTION] (MEDIUM): The skill is designed to respond to user requests for frontend development, creating a vulnerability to indirect prompt injection.
      • Ingestion points: User-provided instructions for app features or component additions.
      • Boundary markers: Absent; there are no delimiters separating user-provided data from shell command templates.
      • Capability inventory: Full shell execution (bun) and file system write access for project scaffolding.
      • Sanitization: Absent; the skill does not include logic to validate or escape package names or parameters before execution.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 16, 2026, 06:44 AM