init-monorepo

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several local shell commands to initialize the project environment. This includes git init for version control, pnpm init and pnpm install for package management, and pnpm exec lefthook install to set up git hooks.
  • [COMMAND_EXECUTION]: It uses a shell command (bash -lc 'source "$NVM_DIR/nvm.sh" && nvm version-remote --lts') to dynamically resolve the current Node.js LTS version for use in configuration files.
  • [EXTERNAL_DOWNLOADS]: The skill fetches development dependencies from the NPM registry and references GitHub Actions from official and well-known sources, including pnpm/action-setup, actions/setup-node, and actions/checkout.
  • [REMOTE_CODE_EXECUTION]: The pnpm dlx command is used to download and execute utility packages like skills, add-gitignore, and audit-ci. These are standard tools for scaffolding and security maintenance.
  • [SAFE]: The skill installs additional agent utilities from the same author (humanpluslabsoss/skills), representing legitimate vendor functionality for extending the development environment.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 04:44 PM