gitlab-rn-web-before-after

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The shell script orchestrates multi-step workflows involving git, glab, and local development servers. It runs commands defined in the target repository's package.json (e.g., pnpm web) to start the application under test. Command execution is the skill's core purpose; the commands are invoked with explicit argument lists in the local environment rather than assembled from interpolated strings.
  • [COMMAND_EXECUTION]: The script delegates JSON parsing and URL encoding to node instead of shell text tools, so data from external files such as package.json and from git output is never interpolated into a shell command line. This reduces the risk of shell injection from repository-controlled content.
  • [SAFE]: The skill implements strict file path validation in both the shell script and the Node.js capture utility. It explicitly rejects absolute paths and directory traversal patterns (e.g., '..') so that screenshot reads and writes stay confined to the target repository.
  • [SAFE]: The Puppeteer capture utility launches the browser with --no-sandbox. This disables Chromium's renderer sandbox, so a compromised renderer would run with the privileges of the user running the skill; the flag is nonetheless common in CI and container environments where the sandbox cannot be set up. The exposure is limited as long as the only content captured is served by the local development server, which is the skill's intended use.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 02:12 PM