nodejs-core
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous instructions and examples for executing system-level commands, including build tools (make, node-gyp, ninja, cmake-js), native debuggers (gdb, lldb), and performance profilers (perf, 0x, clinic).
- [DATA_EXFILTRATION]: Documentation examples use the sensitive system path '/etc/passwd' to demonstrate the usage of Node.js file system APIs (e.g., fs.readFile).
- [PROMPT_INJECTION]: The 'rules/commit-messages.md' file contains explicit instructions for the agent to never include AI signatures or co-authorship footers (e.g., 'Generated by ChatGPT'), which is an instruction to override default behavior regarding transparency.
- [EXTERNAL_DOWNLOADS]: The skill references and provides instructions for installing development utilities from the NPM registry and cloning the official Node.js repository from GitHub.
Audit Metadata