Skills
skills/bacoco/shipguard/sg-visual-review-stop/Gen Agent Trust Hub

sg-visual-review-stop

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Node.js script located at visual-tests/build-review.mjs to handle server termination.
  • [COMMAND_EXECUTION]: Provides a shell fallback mechanism that uses grep, awk, lsof, and kill to identify and terminate the process bound to a specific port.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface by reading data from a local file (visual-tests/_results/.server.pid) to determine the port number for the kill command.
  • Ingestion points: visual-tests/_results/.server.pid (reads the 'port' value)
  • Boundary markers: Absent
  • Capability inventory: Shell command execution (lsof, kill via xargs)
  • Sanitization: Absent; the port variable is interpolated directly into the shell command.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 01:35 PM
Security Audit — agent-trust-hub — sg-visual-review-stop