spree-setup
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DEPENDENCIES]: Fetches configuration, starters, and dependencies from well-known official sources. * Evidence: Downloads from
github.com/spree/spree-starter,github.com/spree/storefront, and thecreate-spree-apppackage via NPM (SKILL.md). - [INDIRECT_PROMPT_INJECTION]: The skill fetches documentation and README files from external URLs to guide the setup process. * Ingestion points:
WebFetchcalls tospreecommerce.organdgithub.com/spree/repositories (SKILL.md). * Boundary markers: Absent. * Capability inventory:Bash(command execution),Write(file modification),Edit(file editing) across SKILL.md. * Sanitization: Absent. - [DATA_EXPOSURE]: Lists sensitive environment variable names and API key formats necessary for application configuration. * Evidence: References to
SECRET_KEY_BASE,RAILS_MASTER_KEY, andNEXT_PUBLIC_SPREE_PUBLISHABLE_KEY(SKILL.md). These are used according to standard development practices.
Audit Metadata