web-development
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill involves executing standard development commands including
npm installfor dependency management andnpx live-serverfor local project previews. - [EXTERNAL_DOWNLOADS]: The instructions reference the official CloudBase Web SDK available via NPM (
@cloudbase/js-sdk) or the vendor's CDN (static.cloudbase.net), which are legitimate vendor resources. - [SAFE]: Technical guidance is focused on secure implementation, such as strictly forbidding the use of cloud functions for authentication logic and requiring the use of built-in SDK features.
- [INDIRECT_PROMPT_INJECTION]: The skill establishes a workflow for processing and deploying user-provided code, which represents an ingestion surface for untrusted data.
- Ingestion points: Frontend source code, build output, and configuration files located in the
src,dist, andcloudfunctionsdirectories. - Boundary markers: Absent.
- Capability inventory: Execution of build scripts (
npm install), local server hosting (live-server), and deployment to static cloud hosting environments. - Sanitization: Absent.
Audit Metadata