elements-new-package
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run repository-local scripts like ./scripts/new-package and ./scripts/npm to automate monorepo tasks.
- [COMMAND_EXECUTION]: Instructs the use of the npm CLI to publish packages to a public registry.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified: user input () is ingested and interpolated into shell commands. No boundary markers or sanitization steps are defined within the skill instructions, though capabilities are limited to local script execution.
Audit Metadata