toolchain-preferences
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill suggests installing standard packages via pnpm and npx (e.g., next, convex, shadcn, sentry). These are from reputable registries (npm) and serve the stated purpose of defining a toolchain stack.
- [COMMAND_EXECUTION] (SAFE): Shell commands are restricted to project initialization and dependency management. No suspicious redirection, piped remote scripts (curl|bash), or obfuscated commands are present.
- [DATA_EXFILTRATION] (SAFE): No sensitive file access (e.g., SSH keys, AWS credentials) or unauthorized network calls were detected. Mentions of monitoring tools like Sentry and PostHog are within the scope of standard application observability.
- [PROMPT_INJECTION] (SAFE): No patterns of prompt injection, jailbreaking, or system prompt extraction were found. The instructional language is natural and focused on technical preferences.
Audit Metadata