antfu
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines coding conventions and project structures intended for legitimate software development. No malicious patterns, prompt injections, or obfuscated code were detected.
- [COMMAND_EXECUTION]: Documentation includes instructions for standard development commands such as dependency installation (pnpm, ni), linting (eslint), and testing (vitest). These are used according to industry standards for project maintenance.
- [EXTERNAL_DOWNLOADS]: The skill references several widely-used NPM packages and utilizes reusable GitHub Action workflows from 'sxzz/workflows'. These external resources are standard in the web development ecosystem and are used for routine CI/CD tasks.
- [DATA_EXFILTRATION]: Security best practices are encouraged through the inclusion of sensitive file patterns (e.g., .env, .cache) in the recommended .gitignore configuration, preventing accidental exposure of credentials.
- [NO_CODE]: The logic provided in the 'alias.ts' utility for monorepo management is a standard synchronization script that operates exclusively on local project configuration files using native Node.js modules.
Audit Metadata