validate-skill
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses the 'bunx' command to fetch and execute the '@plaited/development-skills' package from the npm registry. This executes remote code that is not part of the skill's local files.
- [EXTERNAL_DOWNLOADS]: The skill relies on downloading an external package (@plaited/development-skills) during execution. This package is not hosted by a trusted vendor or the skill author.
- [COMMAND_EXECUTION]: The skill requires the 'Bash' tool to run shell commands, specifically 'bunx', which allows for arbitrary code execution and network access to retrieve the package.
Audit Metadata