agentic-os
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious code, prompt injections, or obfuscated patterns were detected. The skill is an educational and architectural guide for organizing agentic workflows.
- [DATA_EXPOSURE]: The skill defines a local filesystem-based state management system using the data/ directory. It explicitly identifies the use of hardcoded API keys as an anti-pattern and recommends using environment variables for sensitive data.
- [PROMPT_INJECTION]: The architecture includes surfaces for potential indirect prompt injection as it processes project files and agent definitions provided in the environment.
  - Ingestion points: Files located in data/, agents/, and the CLAUDE.md kernel.
  - Boundary markers: None explicitly defined in the provided markdown templates.
  - Capability inventory: Full filesystem access within the project root, Git operations, test runner access, and execution of shell scripts via the scripts/ layer.
  - Sanitization: No specific content sanitization or filtering logic is described for the data being ingested.
- [COMMAND_EXECUTION]: The skill documents how to set up scheduled automation using system-standard tools such as macOS LaunchAgents and Linux systemd timers. These configurations are presented transparently as templates for the user to implement.
Audit Metadata