develop
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
npx @subframe/clicommand to synchronize UI components with the local codebase. This is a standard operation using a verified vendor tool from SubframeApp. - [EXTERNAL_DOWNLOADS]: Fetches design metadata and component source code from the official Subframe platform (app.subframe.com) using Model Context Protocol (MCP) tools and the CLI. These connections are made to trusted vendor-owned infrastructure.
- [SAFE]: No malicious behavior, obfuscation, or unauthorized data access was detected. The skill follows best practices for its intended purpose of design-to-code implementation.
Audit Metadata