dev
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill parses project configuration files (package.json, vite.config.js, etc.) to detect framework settings. If a user clones a malicious repository, these files could contain instructions designed to trick the agent into suggesting a harmful command.
  - Ingestion points: Config files (package.json, nuxt.config.*, vite.config.*, next.config.*) read in SKILL.md.
  - Boundary markers: None used; content is parsed directly.
  - Capability inventory: Write access to package.json, process termination (kill -9), and background command execution (nohup).
  - Sanitization: The skill mitigates risks by requiring the agent to propose the detected command and port to the user for confirmation before proceeding with the setup.
- [Dynamic Execution] (LOW): The skill modifies the project's package.json to include wrapper scripts that point to a local shell script. This is a standard automation pattern but involves script generation.
- [Privilege Escalation] (LOW): The bash script (scripts/dev.sh) uses commands like kill -9 and lsof to manage processes on specific ports. While this involves forceful process termination, it is scoped to the local user's development environment.
Audit Metadata