setup-pre-commit
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard package manager commands (npm, pnpm, yarn, or bun) to install development dependencies and initialize Husky. These operations are restricted to the local repository context.
- [EXTERNAL_DOWNLOADS]: Installs well-known Node.js packages (
husky,lint-staged,prettier) from the official npm registry. These are industry-standard tools for repository maintenance and code formatting. - [DATA_EXPOSURE]: The skill reads the repository structure to detect the package manager and existing configuration files. This is a legitimate functional requirement for correct setup and does not involve accessing sensitive system files or environment variables.
- [INDIRECT_PROMPT_INJECTION]: The skill evaluates existing repository files (
package.json, lock files) to adapt its setup logic. While this involves processing external data, the risk is negligible as the data is used to select the appropriate package manager and determine if scripts liketestortypecheckare available.
Audit Metadata