biome-js
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): References external npm packages `@sablier/devkit`, `@biomejs/biome`, and `prettier` for shared configurations. While expected for this tool, they are from sources not on the predefined trusted list.
- [PROMPT_INJECTION] (LOW): Indirect injection surface (Category 8) as the skill is designed to analyze user project files to suggest or apply configurations.
  1. Ingestion points: User source code and file structure.
  2. Boundary markers: Absent.
  3. Capability inventory: File system modification (writing `biome.jsonc` and hook files).
  4. Sanitization: Absent.
- [COMMAND_EXECUTION] (LOW): Provides templates for shell command execution (`bun biome`, `bun prettier`) within git hook configurations.
Audit Metadata