pb-react-spa
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the PocketBase binary from its official GitHub repository and installs various npm packages from the public npm registry. These are established sources within the web development ecosystem.
- [COMMAND_EXECUTION]: The skill utilizes standard command-line tools such as
npx,npm,mkdir, andcpfor project initialization, dependency management, and build deployment. Background execution vianohupis used appropriately for local development servers. - [CREDENTIALS_UNSAFE]: Instructions for generating TypeScript types include example commands with placeholder credentials (
admin@example.com,yourpassword). The documentation explicitly prompts the user to adjust these values, following standard development practices for CLI tools. - [PROMPT_INJECTION]: The skill contains clear, task-oriented instructions without any attempts to override system prompts, bypass safety guidelines, or extract sensitive internal configurations.
Audit Metadata