dotenv-cli-usage
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill describes common development workflows using established tools such as dotenv-cli, vitest, and typescript. No malicious patterns were identified in the instructions or code snippets.
- [CREDENTIALS_UNSAFE]: The skill mentions sensitive configuration keys (AUTO_SAVE_TOKEN) but correctly uses placeholders (your-token-here) and explicitly instructs the user to add .env.local to .gitignore to prevent accidental credential leakage.
- [EXTERNAL_DOWNLOADS]: The skill references standard, well-known packages from the official npm registry (dotenv-cli, typescript, ts-node, vitest). These are trusted resources within the JavaScript ecosystem.
Audit Metadata