monorepo-setup

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow involves several shell commands for project setup and maintenance. This includes directory creation, dependency installation via pnpm/npm/brew, and build operations. Specific commands include pnpm install, pnpm build, rm -rf, and grep for code cleanup. These are standard operations for the primary purpose of monorepo management.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of well-known development packages from the npm registry, such as typescript, tsup, turbo, and eslint. These are trusted tools within the JavaScript ecosystem.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8):
    • Ingestion points: User-provided inputs for "Project Name" and "Registry URL" are requested in the initial workflow step in SKILL.md.
    • Boundary markers: Absent. The skill does not use specific delimiters or instructions to prevent the agent from obeying instructions that might be embedded in the user-provided project name or URL.
    • Capability inventory: The skill can write files (.npmrc, package.json, tsconfig.json) and execute commands using the provided inputs, such as pnpm publish --registry <registry-url>.
    • Sanitization: Absent. The user inputs are interpolated directly into configuration templates and command strings without validation or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 09:00 AM