vitest
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill provides shell commands for package management (
pnpm add) and test execution (vitest). It also includes a migration helper command usingfindandsedto rename Jest-specific APIs to Vitest equivalents in local test files, which is consistent with the skill's stated purpose. - EXTERNAL_DOWNLOADS (SAFE): Recommends the installation of widely used, industry-standard packages from the NPM registry (e.g.,
vitest,playwright,@vitest/coverage-v8). These downloads are expected for setting up a testing environment. - DATA_EXFILTRATION (SAFE): No patterns for exfiltration or unauthorized file access were detected. The
mockFetchutility provided intemplates/test-utils.tsis a standard testing pattern used to intercept network requests locally for verification purposes. - DYNAMIC_EXECUTION (SAFE): The skill utilizes standard testing patterns like
vi.mockandvi.fn. The in-source testing pattern usingimport.meta.vitestis a native Vitest feature designed for tree-shaking and does not pose a security risk in this context.
Audit Metadata