web-development
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official @cloudbase/js-sdk and standard development tools like live-server from the npm registry.
- [COMMAND_EXECUTION]: Executes standard frontend build and installation commands (npm install, vite build, etc.) as part of the intended web development workflow.
- [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection by processing external project code.
  - Ingestion points: Project source files (src) and configuration (package.json).
  - Boundary markers: None explicitly defined in the instructions.
  - Capability inventory: File system operations and command execution for building/previewing projects.
  - Sanitization: Relies on default environment security for executing user-provided scripts.