wiki-vitepress
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill uses 'npm install' and 'npm run docs:build' to create the static site. These are standard operations for the described task.
- [DYNAMIC_EXECUTION] (LOW): The skill generates configuration and theme files in JavaScript and TypeScript. The implementation of the click-to-zoom feature uses 'innerHTML', which is a potential XSS vector in the generated static site if the source Markdown is untrusted, but it does not pose a direct threat to the agent's host environment.
- [EXTERNAL_DOWNLOADS] (LOW): The build process involves downloading packages from the npm registry, which is a trusted external source for software dependencies.
Audit Metadata