watch
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs global installation of the
dev3000andportlesspackages vianpm install -gif they are not detected on the host system.- [COMMAND_EXECUTION]: The skill executes shell commands by dynamically extracting dev scripts (e.g.,bun run dev,npx next dev) from the localpackage.jsonfile.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) as it executes commands derived from untrusted project metadata. - Ingestion points: The
package.jsonfile is read to identify the development command (Startup section, step 2). - Boundary markers: Absent. The skill assumes the integrity of the project configuration.
- Capability inventory: Full shell command execution via
portlessandd3k -c. - Sanitization: Absent. The skill does not validate the content of the scripts extracted from
package.jsonbefore execution.
Audit Metadata