local-dev
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute system commands for managing local development processes.\n
- Evidence: Uses
lsofandkillto terminate existing processes on port 8000 before starting the backend.\n - Evidence: Runs a Python subprocess to start a
uvicornserver with specific host and port configurations.\n- [COMMAND_EXECUTION]: The skill executes a local shell script for building and running a macOS application.\n - Evidence: Invokes
app/scripts/dev-macos.shand passes user-provided arguments ($EXTRA_ARGS) for build configurations like--cleanor--release. While this creates a potential surface for command injection if input is not validated by the agent, it is a functional requirement for the development environment's operation.
Audit Metadata