Skills
skills/sien75/graphicode-skills/graphicode-start-ts-react/Gen Agent Trust Hub

graphicode-start-ts-react

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell commands (cat ./graphig.md, ls -d) to read project metadata and determine the directory structure for code generation.
  • [PROMPT_INJECTION]: Indirect injection surface identified: the skill reads untrusted data from local configuration files (graphig.md and state.graphig.md) and uses this information to generate application code (launcher.ts).
  • Ingestion points: Reads metadata from ./graphig.md and description fields in state.graphig.md across multiple directories.
  • Boundary markers: Absent; the skill trusts the content of these metadata files for code generation.
  • Capability inventory: Writing new source files (launcher.ts, playground.ts), modifying build configurations (vite.config.ts, webpack.config.ts), and updating package.json scripts.
  • Sanitization: None detected; the agent is instructed to use identifiers and descriptions found in the files directly in the output code.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 12:33 PM
Security Audit — agent-trust-hub — graphicode-start-ts-react