proofkit-fmodata
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill documentation references external assets at proofkit.dev and installs official packages from the NPM registry (@proofkit/fmodata, @proofkit/typegen). These are standard operations for a development utility.
- [COMMAND_EXECUTION] (SAFE): The configuration schema includes a 'postGenerateCommand' field used to run formatters (like Biome or Prettier) after code generation. While this executes shell commands, it is a standard feature of build tools and is documented here for legitimate developer use.
- [CREDENTIALS_UNSAFE] (SAFE): The documentation correctly instructs users to use environment variables (e.g., OTTO_API_KEY, FM_PASSWORD) rather than hardcoding sensitive information into the codebase or configuration files.
Audit Metadata