skill-sync
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides shell scripts (`sync.sh` and `sync_test.sh`) designed to be executed via the `Bash` tool to automate project documentation updates. The scripts use standard POSIX utilities (awk, sed, grep, find) to process local files.
- [DATA_INJECTION_SURFACE]: The synchronization process reads metadata (scope and auto-invoke instructions) from other `SKILL.md` files in the repository and interpolates them into `AGENTS.md` files. While this creates a surface where one skill can influence the documentation (and thus the behavior) of an agent reading `AGENTS.md`, this is the intended primary purpose of the skill. The script performs basic sanitization and formatting to ensure the data is placed correctly within Markdown tables.
- [NO_REMOTE_ASSETS]: The skill does not perform any network operations, download external dependencies, or reference remote resources, significantly reducing its attack surface.
Audit Metadata