miniprogram-development

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the use of npx to load and execute the @cloudbase/cloudbase-mcp package from the npm registry. This is an official vendor resource provided by Tencent CloudBase for Model Context Protocol integration.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes the npx command to dynamically download and execute the latest version of the CloudBase MCP toolset, which constitutes remote code execution from a package registry.
  • [COMMAND_EXECUTION]: The skill utilizes several CLI tools for development workflows, including miniprogram-ci for project preview and upload automation, and mcporter for managing CloudBase MCP server tools and interactive authentication.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its interaction with user-supplied project files and configurations.
      • Ingestion points: The agent reads and processes project.config.json, mini program page files (js, wxml, json), and other project-specific source code.
      • Boundary markers: The skill does not define explicit delimiters or instructions to the agent to disregard instructions embedded within the source files or configurations it processes.
      • Capability inventory: The agent has the capability to write and modify project files on the file system and execute shell-based tools (mcporter, miniprogram-ci).
      • Sanitization: There is no evidence of content sanitization or validation of the ingested project data before it is incorporated into the agent's context or used to drive tool execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 04:01 AM