react-ai-infra
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for the user to install the APM CLI tool using various methods, including
pip install apm-cliand a shell script from a Microsoft-owned domain (https://aka.ms/apm-unix). As these references target a trusted organization, they are considered safe. - [COMMAND_EXECUTION]: The skill executes the
apmCLI tool (e.g.,apm install) to manage dependencies. It implements a safety check by verifying the installation first and requiring user confirmation before running installation commands. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading data from project files like
package.json(specifically thenamefield) andAGENTS.md. - Ingestion points: Reads
package.json,apm.yml, andAGENTS.mdfrom the project root. - Boundary markers: Uses explicit markers (
<!-- BEGIN:nextjs-agent-rules -->) to delimit managed content inAGENTS.mdand preserve user instructions. - Capability inventory: Performs file system writes and executes the
apmCLI via shell. - Sanitization: Implements basic sanitization of the project name by stripping scope prefixes and replacing whitespace with dashes before interpolation.
Audit Metadata