start-dev-server
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
waspCLI commands to manage the development database (wasp start db), start the application server (wasp start), and perform database migrations (wasp db migrate-dev). These commands are standard for the Wasp framework. - [EXTERNAL_DOWNLOADS]: For browser debugging, the skill suggests configuring an MCP server that downloads the
chrome-devtools-mcppackage from the NPM registry usingnpx -y. This is a recommended practice for the Model Context Protocol ecosystem. - [DATA_EXPOSURE]: The skill accesses the
.env.serverandschema.prismafiles to identify the database configuration (e.g., PostgreSQL vs SQLite). This data is used locally to determine the appropriate setup steps and is not transmitted to external servers. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by instructing the agent to monitor live output from background development tasks (logs).
- Ingestion points: Standard output and error streams from the
wasp startandwasp start dbprocesses. - Boundary markers: Absent; the agent is instructed to listen directly to the stream for debugging information.
- Capability inventory: Local file system access, network operations on localhost, and execution of CLI tools (
wasp,npx,docker). - Sanitization: No filtering or sanitization of the log output is mentioned, which is common for development tools where raw logs are needed for debugging.
Audit Metadata