dev-scan
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python and Node.js scripts (
hn-search.py,ph-search.py, andweb-search.mjs) to automate data collection. It also utilizes thechromuxCLI for browser-based searching and content enrichment. - [EXTERNAL_DOWNLOADS]: The skill retrieves data from well-known technology platforms and APIs, including Algolia (Hacker News), ProductHunt (GraphQL API), and Google. These interactions are limited to public data retrieval for synthesis and reporting.
- [PROMPT_INJECTION]: While the skill processes untrusted content from various developer communities (a surface for indirect prompt injection), it lacks high-risk capabilities—such as file modification or sensitive network access—that would be necessary to exploit such an injection.
Audit Metadata