arch-tsdown
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill utilizes external scripts and workflows from GitHub accounts not included in the 'Trusted GitHub Organizations' list. Evidence: 'assets/ci.yml' installs '@antfu/ni' globally, and 'references/core-release.md' utilizes 'sxzz/workflows' for the release pipeline.
- Dynamic Execution (LOW): The skill relies on executing shell commands for testing and environment setup. Evidence: 'test/exports.test.ts' uses 'tinyexec' to execute 'pnpm ls' for export verification.
- Indirect Prompt Injection (LOW): As a code scaffolding tool, it has the surface area to process user-provided code through scripts with high capabilities (file writing, publishing). Ingestion points: 'src/' directory. Capability inventory: 'tsdown' build, 'sxzz/workflows' publish. Sanitization: None detected for source code processing.
- Prompt Injection (SAFE): No malicious instructions or bypass attempts were detected in the skill's documentation or metadata.
- Data Exposure & Exfiltration (SAFE): No evidence of hardcoded credentials or unauthorized access to sensitive files or network endpoints was found.
Audit Metadata