skills/alaliqing/claude-paper/webui/Gen Agent Trust Hub

webui

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to manage the server lifecycle and build process.
      • Evidence: Executes npm run build and node .output/server/index.mjs to compile and run the production server.
      • Evidence: Uses lsof and kill to manage process states and ensure port 5815 availability.
  • [EXTERNAL_DOWNLOADS]: The skill installs necessary software packages from the public npm registry.
      • Evidence: Runs npm install within the plugin source directory if dependencies are not already present.
  • [PROMPT_INJECTION]: The application handles external research papers, which introduces a potential surface for indirect prompt injection.
      • Ingestion points: Data from research papers processed by the viewer (referenced in SKILL.md).
      • Boundary markers: None identified in the provided startup orchestration.
      • Capability inventory: Shell command execution via Bash (npm, node).
      • Sanitization: Not specified within the server management script.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 06:28 AM