react-ai-infra

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for the user to install the APM CLI tool using various methods, including pip install apm-cli and a shell script from a Microsoft-owned domain (https://aka.ms/apm-unix). As these references target a trusted organization, they are considered safe.
  • [COMMAND_EXECUTION]: The skill executes the apm CLI tool (e.g., apm install) to manage dependencies. It implements a safety check by verifying the installation first and requiring user confirmation before running installation commands.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading data from project files like package.json (specifically the name field) and AGENTS.md.
  • Ingestion points: Reads package.json, apm.yml, and AGENTS.md from the project root.
  • Boundary markers: Uses explicit markers (<!-- BEGIN:nextjs-agent-rules -->) to delimit managed content in AGENTS.md and preserve user instructions.
  • Capability inventory: Performs file system writes and executes the apm CLI via shell.
  • Sanitization: Implements basic sanitization of the project name by stripping scope prefixes and replacing whitespace with dashes before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 02:57 AM
Security Audit — agent-trust-hub — react-ai-infra