link-workspace-packages
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is to assist with monorepo dependency management, and it uses standard industry practices for this task.
- [COMMAND_EXECUTION]: The skill instructs the agent to use standard package manager commands (e.g.,
pnpm add,npm install). These are appropriate for the developer-centric task of linking packages within a local workspace. - [INDIRECT_PROMPT_INJECTION]: The skill identifies the project environment by reading local files like
package.jsonand lockfiles. While this involves processing external data, the logic is limited to package manager detection and does not expose the agent to high-risk instruction overrides. - [DATA_EXPOSURE]: The skill interacts with common project configuration files (
package.json,pnpm-lock.yaml, etc.) to perform its intended function, but does not attempt to access sensitive credentials or exfiltrate data.
Audit Metadata