tsdown
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill documents features for executing arbitrary shell commands via the '--on-success' CLI flag and build lifecycle hooks such as 'build:done'. These are standard capabilities for build tools to enable post-processing and automation workflows.
- [EXTERNAL_DOWNLOADS]: The documentation mentions the installation of various official and community plugins (e.g., 'unplugin-vue', 'vue-tsc', '@rollup/plugin-babel') using standard package managers like npm or pnpm. It also references 'npx' commands for project migration and creation tools.
- [SAFE]: The skill is composed strictly of markdown documentation files referencing a legitimate open-source development project. No malicious scripts, obfuscation, or data exfiltration patterns were identified.
Audit Metadata