ecosystem-autopsy
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a bundled shell script,
scripts/discover_unregistered.sh, to identify git repositories on disk that are not yet part of the official registry. The script is well-structured, usingmktempfor temporary storage and properly quoting variables in itsfindandgrepoperations to handle paths safely. - [COMMAND_EXECUTION]: The skill relies on an external system CLI tool,
organvm, to perform auditing (organvm ecosystem audit) and query repository states. These commands are necessary for the skill's primary function of ecosystem management. - [SAFE]: The skill follows a secure 'least privilege' design by stopping at 'signal emission.' Instead of directly modifying repository configurations or the work registry, it writes proposed actions to local JSON files (
autopsy/signals/<timestamp>.json), delegating actual execution to specialized downstream skills or requiring explicit user authorization.
Audit Metadata