deps
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE (findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [SAFE]: The skill is focused on improving project security through the implementation of supply chain hardening techniques, such as version pinning and registry locking.
- [EXTERNAL_DOWNLOADS]: The skill generates CI workflow configurations that reference official GitHub Actions (actions/checkout, actions/setup-node, actions/dependency-review-action) and a vendor-specific action (tartinerlabs/lockfile-integrity) for security auditing. These are documented as standard practices for CI-based monitoring; as with any third-party action, pinning the referenced actions to a full commit SHA rather than a mutable tag is the usual precaution.
- [COMMAND_EXECUTION]: The skill uses package manager and GitHub CLI tools (npm, pnpm, yarn, bun, gh) to detect existing project configurations and to help apply security updates, which is consistent with its intended function.
- [SAFE]: The skill encourages the use of ignore-scripts=true in .npmrc, which is a highly effective mitigation against malicious packages that use lifecycle scripts (preinstall, install, postinstall) for code execution. The trade-off is that legitimate install scripts, such as native-addon builds, are also skipped and must then be run deliberately for the packages that need them.
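The configuration-detection bullet and the ignore-scripts bullet above both describe checks a reviewer can script. The following is an added example, not code from the deps skill or from the audit: a POSIX shell pre-flight that detects the package manager from the lockfile, reports the three hardening gaps (no ignore-scripts=true in .npmrc, no lockfile, unpinned ranges in package.json) and applies the two that can be fixed offline. All function names, the constructed sample project and the pin values passed to pin_dependency are assumptions; the package.json scan assumes the usual one-dependency-per-line layout.

```shell
#!/bin/sh
# Added example, not part of the "deps" skill: a POSIX sh pre-flight check for
# the controls the audit names (ignore-scripts in .npmrc, a lockfile, exact
# version pins). Function names are assumptions; the sample project is
# constructed inline so the script runs offline.

# detect_pm DIR: name the package manager from the lockfile present (the same
# signal a CLI-based detection would key on). Prints "none" and fails if absent.
detect_pm() {
  dir=$1
  if [ -f "$dir/pnpm-lock.yaml" ]; then echo pnpm
  elif [ -f "$dir/yarn.lock" ]; then echo yarn
  elif [ -f "$dir/bun.lock" ] || [ -f "$dir/bun.lockb" ]; then echo bun
  elif [ -f "$dir/package-lock.json" ]; then echo npm
  else echo none; return 1
  fi
}

# check_project DIR: print one finding per line; succeed only with no findings.
check_project() {
  dir=$1
  findings=0
  # 1. lifecycle scripts (preinstall/install/postinstall) disabled project-wide
  if ! grep -qs '^ignore-scripts=true$' "$dir/.npmrc"; then
    echo "MISSING: ignore-scripts=true in .npmrc"
    findings=$((findings + 1))
  fi
  # 2. a lockfile, so installs resolve to the versions that were reviewed
  if ! detect_pm "$dir" >/dev/null; then
    echo "MISSING: lockfile (package-lock.json, pnpm-lock.yaml, yarn.lock or bun.lock)"
    findings=$((findings + 1))
  fi
  # 3. exact versions in every *dependencies block. Anything that is not plain
  #    semver (ranges, "*", "latest", git/file specs) is reported as unpinned.
  unpinned=$(awk '
    /"(dependencies|devDependencies|optionalDependencies|peerDependencies)"[[:space:]]*:/ { inblock = 1; next }
    inblock && /^[[:space:]]*}/ { inblock = 0; next }
    inblock && /^[[:space:]]*"[^"]+"[[:space:]]*:[[:space:]]*"[^"]*"/ {
      n = $0; sub(/^[[:space:]]*"/, "", n); sub(/".*/, "", n)
      s = $0; sub(/^[^:]*:[[:space:]]*"/, "", s); sub(/".*/, "", s)
      if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$/) print "UNPINNED: " n "@" s
    }' "$dir/package.json" 2>/dev/null)
  if [ -n "$unpinned" ]; then
    printf '%s\n' "$unpinned"
    findings=$((findings + $(printf '%s\n' "$unpinned" | grep -c .)))
  fi
  if [ "$findings" -eq 0 ]; then echo "OK: no findings"; return 0; fi
  return 1
}

# harden_project DIR: turn on ignore-scripts without clobbering other .npmrc
# settings (for example a registry= line). The lockfile needs the registry, so
# generate it separately with the detected manager (npm install --package-lock-only).
harden_project() {
  dir=$1
  grep -qs '^ignore-scripts=true$' "$dir/.npmrc" || printf 'ignore-scripts=true\n' >> "$dir/.npmrc"
}

# pin_dependency DIR NAME VERSION: replace NAME's spec with the exact VERSION.
# VERSION is supplied by the caller; in practice take it from the lockfile's
# resolved entry rather than guessing. Temp file + mv keeps this portable.
pin_dependency() {
  dir=$1; name=$2; version=$3
  sed "s|\(\"$name\"[[:space:]]*:[[:space:]]*\"\)[^\"]*\"|\1$version\"|" "$dir/package.json" \
    > "$dir/package.json.tmp" && mv "$dir/package.json.tmp" "$dir/package.json"
}

# make_sample_project DIR: a constructed, deliberately weak project (no lockfile,
# no ignore-scripts, two range specs, one already-pinned dependency).
make_sample_project() {
  dir=$1
  mkdir -p "$dir"
  cat > "$dir/package.json" <<'EOF'
{
  "name": "sample-app",
  "version": "1.0.0",
  "dependencies": {
    "left-pad": "^1.3.0",
    "lodash": "4.17.21"
  },
  "devDependencies": {
    "eslint": "*"
  }
}
EOF
  printf 'registry=https://registry.npmjs.org/\n' > "$dir/.npmrc"
}

# Walk-through when run directly: scan, harden, scan again.
demo() {
  d=$(mktemp -d)
  make_sample_project "$d"
  echo "package manager: $(detect_pm "$d" || true)"
  echo "--- before hardening ---"; check_project "$d" || true
  harden_project "$d"
  pin_dependency "$d" left-pad 1.3.0
  pin_dependency "$d" eslint 9.0.0
  echo "--- after hardening (lockfile still to be generated) ---"; check_project "$d" || true
  rm -rf "$d"
}
demo
```

Run it as `sh deps-check.sh` (file name assumed) to see the before-and-after scan on the constructed sample; for CI use, drop the demo call and point check_project at the checkout. The one finding that remains after hardening is the lockfile, because producing it requires the registry and is left to the real package manager.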
Audit Metadata