winjs-app
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill documentation mentions standard development commands such as 'win dev', 'win build', 'win preview', and 'npm run setup'. These are standard for H5 project development and building workflows.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references plugins and presets under the '@winner-fed' npm scope. While this scope is not in the predefined trusted list, the packages are consistent with the documented framework's legitimate ecosystem.
- [SAFE] (SAFE): No evidence of prompt injection, data exfiltration, obfuscation, or unauthorized privilege escalation was found in the provided documentation and instruction set.
Audit Metadata