start-from-scratch
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [External Downloads] (LOW): The skill guides users to install the @tambo-ai/react and tambo npm packages. These are unverifiable third-party dependencies. Although they are central to the skill's primary purpose, which typically justifies a severity downgrade, they still represent an external code dependency.
- [Command Execution] (SAFE): The skill provides standard development commands using npx and npm to initialize projects and install dependencies. These are standard practices for the intended use case.
- [Credentials Unsafe] (SAFE): The text includes placeholders such as sk_... for API key configuration. This is a safe way to demonstrate configuration without exposing actual secrets.
Audit Metadata