preview-dev
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the bash tool for system inspection and diagnostics, and utilizes the command parameter in preview_serve to run arbitrary shell scripts. It also accesses vendor-specific files like /data/previews.json and core/http_client.py.
- [EXTERNAL_DOWNLOADS]: The workflow encourages installing unverified dependencies via npm and pip during the preview initialization phase, targeting public registries without version pinning.
- [REMOTE_CODE_EXECUTION]: The skill creates a remote code execution surface by generating application code based on user input and subsequently executing it via shell commands in the preview environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  1. Ingestion points: User requirements for web applications in SKILL.md.
  2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands.
  3. Capability inventory: Includes bash, write_file, and preview_serve with arbitrary command execution.
  4. Sanitization: Absent; no validation of generated code or commands is performed.
Audit Metadata