setup-matt-pocock-skills
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
gh(GitHub CLI) for issue management andgitfor repository inspection (e.g.,git remote -v). These are standard operations for engineering-focused agents and are used here for legitimate project setup tasks. - [DATA_EXPOSURE]: Analysis of the instructions shows the skill reads repository metadata and existing documentation files (
CLAUDE.md,AGENTS.md,.git/config) to understand the project structure. This access is limited to project-level configuration and does not target sensitive user credentials or environment variables. - [PROMPT_INJECTION]: The skill implements a structured, multi-step process for configuration, asking the user for discrete decisions one at a time. This design prevents unintended autonomous actions and ensures the agent follows a predictable setup path.
- [SAFE]: The skill's behavior matches its stated purpose. All external templates provided are local to the skill folder and follow best practices for repository configuration without introducing obfuscation or remote code execution risks.
Audit Metadata