antfu
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or unauthorized data access behaviors were detected. The skill follows security best practices for project initialization, such as using the
--ignore-scriptsflag during dependency installation to prevent execution of untrusted package scripts.\n- [EXTERNAL_DOWNLOADS]: The skill references and installs several external Node.js packages and reusable GitHub Actions workflows to manage project configuration and CI/CD. Specifically, it utilizes@antfu/eslint-configfor linting and formatting, and reusable workflows from thesxzz/workflowsrepository for automated PR fixes and unit testing.\n- [COMMAND_EXECUTION]: Provides instructions for executing various development tools and scripts, including dependency management via@antfu/ni, bundling withtsdown, and publishing withbumpp. It includes a utility script example (alias.ts) that programmatically synchronizes TypeScript path aliases by reading and writing to the localtsconfig.alias.jsonfile.
Audit Metadata