zodipus-setup
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill includes instructions to install
zodipusandzodvia package managers like npm. Per the security policy,zodipusis considered an unverifiable dependency as it is not from a designated trusted source. - [COMMAND_EXECUTION] (LOW): The documentation guides the user to run
npx prisma generate, which is a standard command for triggering Prisma generators but involves executing third-party code. - [PROMPT_INJECTION] (SAFE): No instructions designed to override agent behavior or bypass safety guardrails were identified in the skill files.
- [DATA_EXFILTRATION] (SAFE): No access to sensitive system paths (e.g., SSH keys, environment files) or unauthorized network exfiltration attempts were found.
- [OBFUSCATION] (SAFE): The content is presented in clear, human-readable markdown and code without any hidden or encoded payloads.
Audit Metadata