toolchain-node
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of dependencies from the official npm registry using standard package managers (npm, pnpm, yarn). These are well-known technology services and are essential to the toolchain's functionality.
- [COMMAND_EXECUTION]: The skill provides commands to run standard development utilities such as the TypeScript compiler (tsc), test runners (Jest, Vitest, Node built-in runner), and code quality tools (ESLint, Prettier, Biome). All commands are standard for local development environments.
- [PROMPT_INJECTION]: An analysis for indirect prompt injection was conducted regarding the skill's interaction with local project files. Evidence chain:
- Ingestion points: Interacts with project configuration (package.json) and source code (src/**/*.test.ts) during execution.
- Boundary markers: No explicit markers are present in the documentation to segregate tool instructions from project data.
- Capability inventory: High, including package installation and script execution.
- Sanitization: Relies on the security boundaries of the underlying tools (e.g., npm, node). Finding: This surface is inherent to the intended purpose of a development toolchain, and no malicious patterns or deceptive instructions were identified.
Audit Metadata