Skills
skills/openharmonyinsight/openharmony-skills/oh-xts-build-run/Gen Agent Trust Hub

oh-xts-build-run

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • SAFE (SAFE): The skill definition contains no malicious code, obfuscation, or unauthorized access attempts.
  • COMMAND_EXECUTION (SAFE): The skill invokes the hvigorw build tool and local scripts (ohXtsBuildCommand.ts, ohXtsRunCommand.ts). This behavior is standard for a build-automation tool and is considered safe within its intended developer context.
  • Indirect Prompt Injection (SAFE): The skill parses project metadata to determine package names. Evidence Chain: 1. Ingestion points: pack.info and module.json5 files. 2. Boundary markers: Not explicitly specified in description. 3. Capability inventory: Execution of local build and test commands. 4. Sanitization: Not specified. As this is a local developer tool reading project files, the risk of indirect injection is negligible.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:16 PM