hostc-public-preview
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx hostc@latest to download and execute the hostc utility from the npm registry at runtime.
- [COMMAND_EXECUTION]: The instructions direct the agent to execute shell commands for starting and configuring the public tunnel.
- [PROMPT_INJECTION]: The skill requires the agent to monitor development server output to infer port numbers, which presents a surface for indirect prompt injection if the output is controlled by an untrusted source.
- Ingestion points: Development server console output.
- Boundary markers: Absent.
- Capability inventory: Command execution and network tunneling via npx hostc.
- Sanitization: Absent.
Audit Metadata