010103-package-operations
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/validate.pyusessubprocess.runto execute standard package manager commands likenpm audit,pnpm outdated, andbun --version. These operations are performed using list-based arguments, which is a secure practice that prevents shell injection. The commands are limited to checking tool status and dependency metadata. - [EXTERNAL_DOWNLOADS]: The skill facilitates interaction with official package registries (e.g., registry.npmjs.org) through the user's local installation of npm, pnpm, or bun. These are well-known services and the skill does not initiate any unauthorized or suspicious external downloads.
- [PROMPT_INJECTION]: The skill instructions in
SKILL.mdare descriptive and provide clear guidance to the agent for managing packages without attempting to bypass safety filters or override system constraints.
Audit Metadata