llms-txt
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill mentions a helper tool,
@thedaviddias/mcp-llms-txt-explorer, which is fetched from the npm registry usingnpxduring site audits. - [COMMAND_EXECUTION]: The documentation suggests the use of the
npxcommand-line utility to run the author's auditing tool. - [REMOTE_CODE_EXECUTION]: The use of
npx -yto execute a package from a remote registry constitutes a remote code execution pattern. However, the package is a vendor resource belonging to the author's namespace and is presented as a legitimate utility for the skill's primary purpose.
Audit Metadata