linter-formatter-init
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/setup.py` utilizes `subprocess.run` to execute shell commands for project initialization. These operations include detecting the local package manager (using `which bun`), installing project dependencies (e.g., `bun add -D`), and initializing Husky for git hooks. The script correctly passes arguments as lists to `subprocess.run`, which prevents shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill triggers the installation of several well-known and reputable development packages (Biome, ESLint, Prettier, Vitest, Husky) from official public registries (NPM). These are standard tools for the stated purpose of the skill.
- [SAFE]: The skill performs expected file system operations within the project directory specified by the user. It creates and updates configuration files (`biome.json`, `.eslintrc.json`, `package.json`, `.vscode/settings.json`) and sets the executable bit on the Husky pre-commit hook file. All actions are transparent and consistent with the skill's description.
Audit Metadata