codegen-engine

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves a legitimate purpose for automating frontend development tasks. It uses a local MCP server ('codegen-engine') to analyze local project files and generate code snippets based on established templates. All operations are confined to the local environment.
  • [COMMAND_EXECUTION]: The skill describes tools that can execute standard development commands locally, such as 'npx tsc' for type checking and 'npx eslint' for linting. These are used for code validation and are triggered as part of the local development workflow.
  • [DATA_EXFILTRATION]: The skill interacts with local file paths provided in the project context to detect technology stacks and global types. There is no evidence of these files or any sensitive information being transmitted to external or untrusted domains.
  • [PROMPT_INJECTION]: The skill processes user requirements and existing project files. Although this is an ingestion surface for potential indirect prompt injection, the skill requires strict adherence to specific code templates and includes mandatory compliance checks to ensure that the generated output follows safe coding standards.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 23, 2026, 01:05 AM