reatom-scaffold
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructs the agent to install well-known development tools and libraries from the NPM registry, such as Vite, Vitest, oxlint, and Playwright. These are industry-standard tools for building and testing web applications.
- [SAFE]: Configuration files generated by the skill, such as .fallowrc.jsonc, reference schemas from trusted public repositories (e.g., fallow-rs on GitHub), which is a common and safe practice for providing IDE support and validation.
- [SAFE]: The skill implements a robust 'Bootstrap control protocol' using a GOAL.md file as a state ledger. This mechanism ensures that user-provided feature requests are temporarily parked and only executed after the project's core validation pipeline is green, effectively mitigating risks associated with immediate execution of untrusted user input.