skills/dfinity/icskills/caffeine-app/Gen Agent Trust Hub

caffeine-app

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the use of standard development CLI tools, including global installation of the Caffeine CLI via npm install -g @caffeineai/cli and environment maintenance via caffeine doctor --fix. These commands are routine for setting up a specialized developer toolchain.
  • [EXTERNAL_DOWNLOADS]: The project templates incorporate a wide range of official and industry-standard Node.js packages (e.g., React, Vite, Tailwind, Radix UI, TanStack Query) and vendor-specific Motoko dependencies via the mops package manager. All referenced external resources are consistent with building modern web applications on the Internet Computer.
  • [DATA_EXFILTRATION]: The skill describes the caffeine preview --build command, which uploads a compiled draft of the application to the caffeine.ai cloud for hosting and preview. This is a primary functionality of the service and is clearly documented for the user.
  • [SAFE]: The project structure, manifest configurations (caffeine.toml, mops.toml), and build scripts follow established patterns for the Dfinity/ICP ecosystem. No malicious obfuscation, privilege escalation, or security bypass patterns were detected in the instructions or templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 06:50 AM
Security Audit — agent-trust-hub — caffeine-app