dev-npxify

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: Analyzes project structure using grep and manages dependencies using npm install or pnpm install based on detected lockfiles.
  • [EXTERNAL_DOWNLOADS]: Facilitates the download and execution of packages from the npm registry via npx and pnpm dlx.
  • [EXTERNAL_DOWNLOADS]: Includes a reference to @takazudo/mdx-formatter, which is a tool provided by the author for project formatting.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface: it ingests and processes content from package.json and source code files, which an attacker could manipulate.
      • Ingestion points: Reads dependency names, versions, and script definitions from package.json and runs grep on source code.
      • Boundary markers: None are used to separate untrusted file content from the agent's internal reasoning.
      • Capability inventory: The skill can modify local files (package.json, hooks) and execute shell commands (npm, pnpm, grep).
      • Sanitization: No sanitization or verification of the external file content is performed.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 21, 2026, 03:14 PM
Security Audit — agent-trust-hub — dev-npxify