kwc-react-development
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were detected. The skill's instructions are focused on maintaining coding standards and utilizing vendor-specific tools for project development.
- [COMMAND_EXECUTION]: The skill refers to the
kdCLI tool for project creation (e.g.,kd project create [组件名] --type kwc). Based on the author context (kingdee), this is a legitimate vendor-provided utility for managing KWC React projects. - [SAFE]: The skill has an indirect ingestion surface used for environment detection:
- Ingestion points: Reads the project directory structure for a
.kdfolder and the.kd/config.jsonfile. - Boundary markers: None explicitly defined for project files, as the skill assumes a trusted local development environment.
- Capability inventory: Can execute the
kdCLI tool, write React components to the filesystem, and runnpm run devvia the agent's environment. - Sanitization: Not explicitly implemented for configuration data.
- Conclusion: This behavior is standard for an environment-aware development assistant and does not pose an elevated security risk in this context.
Audit Metadata