arch-tsdown-monorepo
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill content consists of documentation and configuration templates for a monorepo structure. No malicious code or prompt injection patterns were found.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard development tools and repositories from the TypeScript/JavaScript ecosystem (e.g., tsdown, vitest, pnpm). These are reputable community-maintained projects.
- [COMMAND_EXECUTION] (SAFE): The provided scripts (pnpm run build, pnpm run test) are standard for library development. The use of --ignore-scripts in the pre-commit hook (references/core-git-hooks.md) is a notable security best practice for local development environments.
- [CREDENTIALS_UNSAFE] (SAFE): The documentation for releases (references/core-release.md) explicitly avoids hardcoded credentials and recommends modern, secure alternatives like npm Trusted Publisher and GitHub OIDC permissions.
Audit Metadata