ultracite
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides legitimate project management functionality, including linting configuration, formatting automation, and editor integration setup.
- [COMMAND_EXECUTION]: The skill uses standard shell commands to execute development tools (e.g.,
bun x,npx,npm). These commands are used for project initialization and running diagnostic checks (ultracite doctor) or migrations. The commands are clearly defined in the installation and migration scripts, such asscripts/install-ultracite.shandscripts/migrate-to-ultracite.sh. - [EXTERNAL_DOWNLOADS]: The skill manages the installation of standard development dependencies like
ultracite,@biomejs/biome,eslint, andoxlint. These packages are sourced from official registries using standard package managers. All documentation and repository URLs point to legitimate, well-known domains (e.g., github.com/ultracite, biomejs.dev). - [DATA_EXFILTRATION]: No evidence of sensitive data harvesting or unauthorized network transmission was found. File access is limited to project configuration and source files, and network operations are restricted to package management tasks.
Audit Metadata