dev-rfc
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local TypeScript and Python scripts to launch a review server. It uses system utilities like lsof and fuser to manage network ports by identifying and terminating existing processes on the designated port (default 3118).
- [EXTERNAL_DOWNLOADS]: The review interface loads standard frontend libraries including Marked.js for markdown parsing, Mermaid for diagrams, and Shiki for syntax highlighting from well-known CDNs (jsDelivr, esm.sh) and Google Fonts. These are used to enhance the local user interface.
- [COMMAND_EXECUTION]: The review scripts include path traversal protections to ensure the local server only serves files from the intended assets directory and does not expose sensitive system files.
- [SAFE]: The local server binds to 127.0.0.1, ensuring the review interface is only accessible from the local machine and not exposed to the network.
Audit Metadata