xingyu
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configures GitHub Actions workflows in
references/setting-up.mdthat depend on external, reusable workflows from thesxzz/workflowsrepository. These workflows are executed during CI/CD operations and represent a remote dependency from a source outside of the trusted organizations list. - [COMMAND_EXECUTION]: In
references/monorepo.md, the skill includes analias.tsscript that uses the Node.jsfsmodule to dynamically read, parse, and overwrite thetsconfig.alias.jsonconfiguration file based on calculated project paths. - [COMMAND_EXECUTION]: The skill defines and encourages the use of various automation commands (e.g.,
@antfu/nisuite,pnpm run lint --fix,npx simple-git-hooks) which execute shell scripts and interact with package managers in the local development environment.
Audit Metadata