pma-web
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the use of @nsio/nsl, a third-party utility for development environment management. This package is not from a recognized trusted organization.
- [REMOTE_CODE_EXECUTION]: Instructions promote the use of bunx to execute remote code from packages like @nsio/nsl and shadcn. While common in development workflows, bunx fetches and runs code from external registries at runtime.
- [COMMAND_EXECUTION]: Multiple sections provide shell commands for project initialization, building, and running the development environment (e.g., bunx nsl run vite, bun run build).
- [SAFE]: The 'Security Review' section in references/review.md provides proactive guidance on preventing secret exposure, unsafe HTML injection, and validating untrusted inputs.
- [SAFE]: The documentation for server.allowedHosts in references/runtime-and-data.md demonstrates security awareness by discussing DNS-rebinding risks and referencing an official security advisory (GHSA-vg6x-rcgg-rjx6).
Audit Metadata