dev-pre-commit
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and acts upon data in local project files.
  - Ingestion points: The skill reads 'package.json' to identify scripts and various lock files to detect the package manager.
  - Boundary markers: Absent; there are no instructions to the agent to treat project file content as untrusted.
  - Capability inventory: The skill executes shell commands for package installation and tool initialization, and it writes configuration files to the local directory.
  - Sanitization: Absent; script names from 'package.json' are used directly without validation in the generated hook script.
- [COMMAND_EXECUTION]: The skill executes shell commands to set up the development environment, including dependency installation and Husky initialization.
- [EXTERNAL_DOWNLOADS]: The skill installs common development packages from standard registries.