Skills
skills/subframeapp/subframe/develop/Gen Agent Trust Hub

develop

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx @subframe/cli@latest to download and run the official Subframe CLI from the NPM registry. This is a standard practice for the vendor's workflow and utilizes the official registry.
  • [COMMAND_EXECUTION]: The skill executes shell commands via npx to synchronize design components (sync --all, sync [components]). These commands are necessary for the skill's primary function of integrating designs into a codebase.
  • [DATA_EXFILTRATION]: The skill fetches design specifications and code from the Subframe platform (app.subframe.com) using MCP tools such as get_page_info and list_projects. This data ingestion is required to implement the requested designs and is conducted through authenticated MCP channels.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 11:08 AM