WPS Web Builder

The skill provides a comprehensive framework for building web applications but utilizes high-risk execution patterns in SKILL.md. Specifically, it directs the agent to use Python's subprocess module with shell=True to execute npm and npx commands, which is a known shell injection vulnerability. While these capabilities (file writing and shell execution) are aligned with the stated purpose of a web builder, the lack of input sanitization in the generated command strings and the broad system access required for these operations warrant a suspicious classification.