create-app
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands and verification tasks as part of its 'archon' campaign and 'Step 3: VERIFY' phase to confirm that PRD end conditions are met.
- [INDIRECT_PROMPT_INJECTION]: The skill analyzes existing codebases (Tier 5) and user-provided descriptions to plan and execute development tasks, which introduces a risk of instructions embedded in external files influencing the agent's behavior.
- Ingestion points: Processes project source files (src/, app/, lib/) and build configurations (package.json) during the feature addition workflow.
- Boundary markers: Not explicitly defined in the skill documentation, though the skill relies on sub-tasks like /prd and /architect to interpret data.
- Capability inventory: Includes file system modification, shell command execution, and orchestration of other autonomous agents.
- Sanitization: Implements 'circuit breakers' (e.g., parking after multiple failures) and 'direction alignment' checks every two phases to maintain operational safety during autonomous execution.
Audit Metadata