Skills
skills/reopt-ai/reopt-skills/brandapp-sdk-review/Gen Agent Trust Hub

brandapp-sdk-review

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like grep, npm install, and npx to check dependency versions, update vendor packages, and validate code changes using the TypeScript compiler. These are standard operations for a local development tool.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading the official @reopt-ai/brandapp-sdk from a package registry when an upgrade is recommended. This is a legitimate vendor resource.
  • [PROMPT_INJECTION]: The skill analyzes local project files (package.json and TypeScript source files) to identify specific code patterns. While this represents a surface for indirect prompt injection (where malicious code comments could attempt to influence the audit report), the skill's logic is constrained to structural pattern matching.
  • Ingestion points: package.json, **/*.ts files.
  • Capability inventory: Shell execution (npm, npx, grep), file modification via editing tools.
  • Boundary markers: None specified in the instructions.
  • Sanitization: None specified.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 07:22 AM