bootstrap-ts-oss
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The workflow instructs the agent to execute shell commands such as `mkdir <project-name>` and `gh repo create miketromba/<repo-name>` using user-supplied input. There is a potential risk of shell command injection if the project name contains malicious characters or operators.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs standard open-source packages from the npm registry and utilizes official GitHub Actions from trusted organizations like `actions` and `oven-sh` (Bun).
Audit Metadata