dev-server
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (INFO): The skill utilizes standard development commands such as
yarn nx devandyarn nx build. These are appropriate for the stated purpose of a dev-server utility and do not include any signs of command injection or unsafe parameter handling. - [DATA_EXPOSURE] (INFO): The skill reads
node_modules/.cache/ag-watch-status.jsonto monitor build health. This is a standard location for build-tool metadata and does not involve accessing sensitive user credentials, SSH keys, or environment secrets. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from a local build status file. While this is an external data entry point, the risk is minimal as the file is generated by the local build system (Nx), and the skill's capabilities are limited to reporting status and running local development tasks.
Audit Metadata