wiki-vitepress
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill executes
npm install, which downloads code from the public npm registry. This is a standard build step but involves external dependencies. - [Dynamic Execution] (LOW): The skill generates TypeScript configuration and component logic programmatically at runtime before execution by the build tool.
- [Indirect Prompt Injection] (LOW): The skill processes potentially untrusted Markdown files without sanitization or boundary markers. Evidence: 1. Ingestion: [generated .md pages]; 2. Boundaries: Absent; 3. Capabilities: Subprocess execution (npm build); 4. Sanitization: None.
Audit Metadata