spree-setup

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DEPENDENCIES]: Fetches configuration, starters, and dependencies from well-known official sources. * Evidence: Downloads from github.com/spree/spree-starter, github.com/spree/storefront, and the create-spree-app package via NPM (SKILL.md).
  • [INDIRECT_PROMPT_INJECTION]: The skill fetches documentation and README files from external URLs to guide the setup process. * Ingestion points: WebFetch calls to spreecommerce.org and github.com/spree/ repositories (SKILL.md). * Boundary markers: Absent. * Capability inventory: Bash (command execution), Write (file modification), Edit (file editing) across SKILL.md. * Sanitization: Absent.
  • [DATA_EXPOSURE]: Lists sensitive environment variable names and API key formats necessary for application configuration. * Evidence: References to SECRET_KEY_BASE, RAILS_MASTER_KEY, and NEXT_PUBLIC_SPREE_PUBLISHABLE_KEY (SKILL.md). These are used according to standard development practices.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — spree-setup