library-bundler
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Unverifiable Dependencies] (SAFE): The skill references standard, widely-used development dependencies (e.g., Vite, tsup, TypeScript). All package operations use the official npm registry, which is a trusted source for development tools. No suspicious or unknown packages were identified.
- [Command Execution] (SAFE): The use of Bash is limited to standard package management tasks like building, versioning, and publishing. These operations are core to the skill's purpose and are performed using legitimate tools.
- [Dynamic Execution] (SAFE): The skill generates configuration files for build tools. These are standard scripts produced from templates based on project requirements and do not involve the unsafe execution of untrusted external code.
- [Indirect Prompt Injection] (LOW): While the skill interacts with project source code and metadata (package.json), it does so within the context of a library build system. No patterns suggesting susceptibility to adversarial command injection through data were found.