asset-canister
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes instructions to run 'npm install' and 'npm run build' within an 'icp.yaml' configuration. These are standard operations for building frontend applications before deployment.
- [EXTERNAL_DOWNLOADS]: The skill references several vendor-owned Node.js packages including '@icp-sdk/canisters', '@icp-sdk/core', and '@dfinity/asset-canister'. These are official libraries for the Internet Computer ecosystem and are considered safe in this context.
- [SAFE]: The documentation provides proactive security guidance, such as warning against setting 'shouldFetchRootKey' to true in production and explaining the risks of 'allow_raw_access' on the Internet Computer.
- [SAFE]: No evidence of data exfiltration, prompt injection, or obfuscation was detected. The code snippets provided are for programmatic asset management and permission control using official SDKs.
Audit Metadata