quality-gates
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard command-line interfaces (pnpm, gh, act) to perform legitimate development tasks such as project auditing, dependency management, and running test suites. These actions are aligned with the skill's stated purpose.
- [EXTERNAL_DOWNLOADS] (SAFE): It automates the installation of widely recognized and reputable development tools (e.g., vitest, lefthook, commitlint) from the official npm registry. These are trusted packages within the JavaScript/TypeScript ecosystem.
- [PROMPT_INJECTION] (SAFE): The skill has an attack surface for indirect prompt injection because it processes project-specific configuration files.
  - Ingestion points: Audits local files such as package.json, lefthook.yml, and vitest.config.ts.
  - Boundary markers: None present; the files are read directly for analysis.
  - Capability inventory: File system modification, package installation, and execution of local test scripts.
  - Sanitization: None; however, since the data source is the project's own configuration, the risk is minimal and characteristic of developer-centric tools.
Audit Metadata