list-npm-package-content
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [Command Execution] (SAFE): The bash script executes pnpm build and pnpm pack. This is consistent with the skill's stated purpose of verifying package contents. These operations run in the local environment and are restricted to the current project directory.
- [Data Exposure & Exfiltration] (SAFE): There are no network requests or attempts to read sensitive files such as SSH keys, environment variables, or cloud credentials.
- [Remote Code Execution] (SAFE): The skill does not download or execute remote scripts. It relies entirely on standard system utilities (pnpm, tar, rm).
- [Obfuscation] (SAFE): No encoded strings, hidden characters, or deceptive naming patterns were found in the script or metadata.
Audit Metadata