infra-x-config
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install multiple Node.js packages from the
@infra-xscope, such as@infra-x/eslint-configand@infra-x/typescript-config. These packages originate from a source that is not listed in the trusted organizations or well-known services list. - [REMOTE_CODE_EXECUTION]: The workflow includes the execution of
pnpm dlx @infra-x/create-eslint-config. This command downloads a package from the npm registry and executes it immediately in the local environment, representing remote code execution from an unverified source. - [COMMAND_EXECUTION]: The skill provides instructions for the agent to recommend or execute shell commands (e.g.,
pnpm add,pnpm dlx) which perform software installation and file system modifications in the user's project. - [PROMPT_INJECTION]: An analysis of the instructions and metadata revealed no attempts to override agent behavior, bypass safety filters, or extract system prompts.
Audit Metadata