npm-git-install
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily instructional, providing a framework for the agent to help users choose secure Node.js package delivery strategies. No malicious patterns, obfuscation, or safety bypass attempts were detected.
- [CREDENTIALS_UNSAFE]: The skill documentation explicitly instructs the agent to warn users against committing secrets or tokens into manifests and to ensure credential parity in CI environments using secure secret management practices.
- [COMMAND_EXECUTION]: The skill uses the provided Bash and Read tools solely for legitimate internal purposes, such as reading its own reference documentation to provide accurate advice.
- [PROMPT_INJECTION]: The instructions do not contain any patterns intended to override agent behavior or bypass safety guidelines. The use of instructional terms like 'IMPORTANT' occurs in a benign context related to following documentation steps.