arch-tsdown
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a standard development and build environment for TypeScript libraries using well-known tools like pnpm, Vitest, and ESLint.
- [SAFE]: No instances of prompt injection, obfuscated code, or unauthorized data access patterns were found in any of the configuration or instruction files.
- [SAFE]: CI/CD templates (assets/ci.yml and core-release.md) promote the use of npm Trusted Publisher via OIDC (id-token: write), which is a high-security industry standard for automated deployments.
- [SAFE]: Dependencies are managed through pnpm catalogs with specific restrictions on built dependencies (onlyBuiltDependencies), reducing the risk of malicious post-install scripts.
Audit Metadata