spree-setup
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches configuration and instructions from Spree's official website (spreecommerce.org) and GitHub organization repositories (spree/spree-starter, spree/storefront, spree/spree).
- [COMMAND_EXECUTION]: Executes standard scaffolding and initialization commands, including
npx create-spree-app,git clone, and Rails setup scripts (bin/setup,bin/rails g spree:install). - [DATA_EXFILTRATION]: Refers to sensitive environment variables like
DATABASE_URL,SECRET_KEY_BASE, andRAILS_MASTER_KEYfor configuration purposes. No evidence of unauthorized access or exfiltration of existing credentials. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it fetches external documentation.
- Ingestion points: External URLs (spreecommerce.org, github.com) fetched via
WebFetchandWebSearchin SKILL.md. - Boundary markers: Not present.
- Capability inventory:
Bash,Write,Edit,Readin SKILL.md. - Sanitization: Not present.
Audit Metadata