NYC

web-development

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): Recommends installing the @cloudbase/js-sdk and using npx live-server. These are standard dependencies for the Tencent CloudBase ecosystem and frontend development from the trusted npm registry.
  • [COMMAND_EXECUTION] (LOW): Instructs the agent to execute shell commands such as npm install and npx live-server. While these are legitimate development actions, they involve executing external code on the local system.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection (Category 8) vulnerability surface detected.
    • Ingestion points: User-provided frontend source code in the src directory and user-provided UI inputs for phoneNum and verificationCode.
    • Boundary markers: Absent; the skill lacks instructions to treat user-provided code or data as untrusted content.
    • Capability inventory: Subprocess execution via npm install and npx live-server.
    • Sanitization: Absent; no validation or escaping of the ingested source code is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:48 PM