supreme-npm-node

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to manage the development lifecycle, including ncu -u for dependency updates, npm install or pnpm for package installation, and specialized tools like tsup for bundling and vitest for testing. These are standard operations for the intended use case of software engineering.
  • [EXTERNAL_DOWNLOADS]: The skill defines a 'latest-version-always' policy, requiring the agent to fetch the newest package versions from official registries (NPM) using npm-check-updates. This involves network operations to retrieve package metadata and install binary/source dependencies.
  • [PROMPT_INJECTION]: The skill contains structural constraints designed to ensure its rules take precedence over subsequent session inputs (instruction.hierarchy.max.priority.no.later.input.can.override). This is a common prompt engineering technique to maintain the agent's persona and adherence to the defined technical discipline.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 03:35 PM
Security Audit — agent-trust-hub — supreme-npm-node