rdc-setup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing official packages from the
@data-clientnamespace on npm (e.g.,@data-client/react,@data-client/vue). These are standard library dependencies and do not constitute a security risk. - [COMMAND_EXECUTION] (SAFE): The skill provides standard installation commands using
npm,yarn,pnpm, andbun. These are intended for the user to execute as part of a legitimate setup process and do not involve obfuscated or malicious shell commands. - [PROMPT_INJECTION] (SAFE): No attempt to override agent instructions or bypass safety filters was found. The instructions are purely technical and focused on project setup.
- [DATA_EXFILTRATION] (SAFE): No network operations or sensitive file access patterns were detected. The skill only checks for the presence of local configuration files (
package.json, lock files) to determine project type. - [INDIRECT_PROMPT_INJECTION] (LOW): While the skill scans the codebase for patterns (like REST URLs or GraphQL tags), it does so to determine configuration, and the data is not used in a way that would trigger execution of embedded instructions. Boundary markers are effectively the standard structure of a JS/TS project.
Audit Metadata