baoyu-electron-extract
Pass
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to find and extract Electron app bundles. It invokes npx to run @electron/asar and prettier.
- [EXTERNAL_DOWNLOADS]: The skill downloads standard developer packages from the NPM registry to perform code extraction and formatting.
- [PROMPT_INJECTION]: The skill processes the contents of external Electron applications. This creates a surface for indirect prompt injection: malicious instructions hidden in an application's source code could influence the agent during the inspection process.