kwc-lwc-development
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were detected. The skill content is strictly focused on providing development guidance and documentation for the Kingdee KWC LWC framework.
- [COMMAND_EXECUTION]: The skill directs the agent to use the 'kd' CLI tool (e.g., 'kd project create') and standard 'npm' commands for development tasks. These are standard vendor-provided utilities for the framework and are consistent with the skill's primary purpose.
- [SAFE]: The skill's environment detection logic (checking for the '.kd' directory) and instructions to ignore ESLint for custom template syntax are legitimate requirements for this specific proprietary framework.
- [SAFE]: While the skill ingests and modifies project files, which is a surface for indirect prompt injection, this activity is the intended primary purpose of the skill and no exploitable capability beyond standard development tasks was found.
Audit Metadata