setup
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads and installs standard development dependencies from the official npm registry, including tools for linting, formatting, and git hook management.
- [COMMAND_EXECUTION]: Executes shell commands via project package managers (npm, pnpm, yarn, or bun) to initialize tool configurations and perform migrations from legacy tools like ESLint or Prettier.
- [COMMAND_EXECUTION]: Configures Git hooks in the `.husky` directory that execute local shell commands (e.g., `gitleaks protect`, `lint-staged`) during the commit workflow to enforce project standards.
- [EXTERNAL_DOWNLOADS]: References the installation of the GitLeaks security utility via the well-known Homebrew package manager.
- [PROMPT_INJECTION]: The skill ingests untrusted data from project files, creating a surface for indirect prompt injection.
- Ingestion points: Reads `package.json` and project lockfiles (e.g., `pnpm-lock.yaml`, `package-lock.json`) to detect existing tooling and framework configurations.
- Boundary markers: Absent; the skill scans file presence and names without explicit delimiters to isolate the data from core instructions.
- Capability inventory: The skill utilizes shell execution via the `Bash` tool (scoped to package managers), as well as file modification via `Write` and `Edit` tools.
- Sanitization: Absent; the skill relies on the structure of standard project metadata files to drive its decision-making logic.
Audit Metadata