supreme-npm-node
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to manage the development lifecycle, including `ncu -u` for dependency updates, `npm install` or `pnpm` for package installation, and specialized tools like `tsup` for bundling and `vitest` for testing. These are standard operations for the intended use case of software engineering.
- [EXTERNAL_DOWNLOADS]: The skill defines a 'latest-version-always' policy, requiring the agent to fetch the newest package versions from official registries (NPM) using `npm-check-updates`. This involves network operations to retrieve package metadata and install binary/source dependencies.
- [PROMPT_INJECTION]: The skill contains structural constraints designed to ensure its rules take precedence over subsequent session inputs (`instruction.hierarchy.max.priority.no.later.input.can.override`). This is a common prompt engineering technique to maintain the agent's persona and adherence to the defined technical discipline.
Audit Metadata