infer-insights
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script that executes npm view and node -e to check for package updates. These commands are part of a legitimate version-checking mechanism within the vendor's ecosystem and do not perform unauthorized actions.
- [DYNAMIC_EXECUTION]: Employs node -e to extract version information from the local package.json file of the @inferevents/sdk. This operation is limited to reading metadata and is executed within a controlled context.
- [SAFE]: The skill demonstrates safe data handling and user interaction practices, including the use of a dedicated cache directory (~/.infer) for update metadata and the correct implementation of the AskUserQuestion tool. No patterns of obfuscation or data exfiltration were identified.
Audit Metadata