openbb-app-builder
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill generates Python application files and validation scripts, which are then executed locally using standard tools like uvicorn and the Python interpreter. This behavior is documented as a core feature of the app-building pipeline.
- [PROMPT_INJECTION]: The skill includes functionality to analyze and convert existing Streamlit or Gradio code snippets. While processing untrusted code snippets represents an indirect injection surface, the skill utilizes a multi-phase workflow with structured artifacts that facilitate verification of the generated output.
- [EXTERNAL_DOWNLOADS]: The pipeline recommends standard, well-known Python packages (e.g., fastapi, pandas, plotly) and official OpenBB resources for documentation and testing. These references align with the skill's stated purpose and use established repositories.