preview-dev

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the bash tool to execute arbitrary shell commands for starting development servers and inspecting the internal preview registry file located at /data/previews.json.
  • [DATA_EXFILTRATION]: Instructions explicitly state that 'Env vars are inherited' and encourage the use of os.getenv(). This design potentially exposes the agent's sensitive environment credentials to any code generated for the preview environment.
  • [REMOTE_CODE_EXECUTION]: The preview_serve tool accepts a command string that is executed directly in a shell environment, which acts as a vector for executing arbitrary code based on user-influenced requirements.
  • [DATA_EXFILTRATION]: The skill directs the agent to read core/http_client.py and replicate internal proxy and Certificate Authority (CA) configuration patterns into the generated preview backend code, which could lead to the exposure of internal networking details.
  • [PROMPT_INJECTION]: As a code-generation tool, the skill has a significant attack surface for indirect prompt injection, where a user could provide malicious requirements that cause the agent to generate harmful or exfiltrating code.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 12:55 PM