ce-polish
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local development commands (such as npm run dev or bin/dev) to start servers. These commands are derived from auto-detected framework types or user-defined configurations in .claude/launch.json.
- [SAFE]: The skill accesses .env files specifically to identify the PORT variable, which is necessary for checking server availability. This is a targeted read operation and does not involve exfiltration of credentials.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the repository (e.g., project configuration and branch names), representing a surface for indirect prompt injection. The risk is considered low and is inherent to the tool's function as a development assistant.
Audit Metadata