verify
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or hardcoded credentials were found. The skill's behavior is consistent with its stated purpose of verifying code quality.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute standard development commands such as `npm run typecheck`, `npm run lint`, `npm test`, and `npm run build`. These operations are local and expected for a build/verification utility.
- [PROMPT_INJECTION]: The skill reads `package.json` and executes the scripts defined within it. This introduces a surface for indirect prompt injection if the project's configuration files are maliciously modified by a third party, as the agent will execute whatever commands are present in the 'scripts' section.
  - Ingestion points: `package.json` is read via `cat` (SKILL.md).
  - Boundary markers: None present to distinguish between trusted and untrusted script content.
  - Capability inventory: Access to `Bash` allows for arbitrary command execution (SKILL.md).
  - Sanitization: No sanitization or validation of script content is performed before execution.
Audit Metadata