asir
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill recommends the use of third-party Node.js packages such as '@antfu/eslint-config', 'tsdown', and 'simple-git-hooks'. While these are widely used in the ecosystem, the source is not within the predefined 'Trusted Organizations' list.
- [COMMAND_EXECUTION] (LOW): The skill includes instructions to execute 'pnpm' and 'npx' commands for project initialization and git hook management. These are standard development operations and do not target sensitive system files or network locations. Notably, the skill suggests using '--ignore-scripts' during installation, which is a security best practice.
Audit Metadata