npx-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns or security risks detected.
- Prompt Injection: Checked for override markers, role-play injections, and system prompt extraction. None found.
- Data Exposure & Exfiltration: Scripts perform local file system operations (read/write) for project scaffolding. No network operations or hardcoded credentials detected.
- Obfuscation: No encoded content, zero-width characters, or homoglyphs found.
- Unverifiable Dependencies: The skill suggests installing well-known, legitimate developer tools (e.g., vitest, biome, citty). No suspicious remote code execution or untrusted packages detected.
- Privilege Escalation: Uses
chmodto set executable permissions on the resulting CLI binary, which is appropriate for the skill's purpose. Nosudoor unauthorized system modifications detected. - Persistence: No persistence mechanisms (cron, startup scripts) identified.
- Dynamic Execution: Uses safe string-replacement for templating rather than dangerous
eval()orexec()calls.
Audit Metadata