preflight
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill uses git, make, and pnpm to analyze code changes and verify types. These are standard development operations.
- [EXTERNAL_DOWNLOADS]: The skill runs pnpm audit, which connects to the official npm registry to check for known vulnerabilities in dependencies.
- [PROMPT_INJECTION]: The skill processes untrusted file contents (ingestion points: changed files via git), which presents an indirect injection surface. The capability inventory includes subprocess calls for git and pnpm, and no explicit boundary markers or sanitization were observed; this represents a standard low-severity risk.
Audit Metadata