nav-features
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The
feature_manager.pyscript usessubprocess.runwithshell=Trueto execute a shell command (command -v navigator-multi-claude.sh). This is used solely to verify the installation status of an optional component. The command string is hardcoded within the script's internal configuration and is not derived from user input, which mitigates the risk of command injection. - [SAFE]: The skill's primary function is to manage a local JSON configuration file located at
.agent/.nav-config.json. The analysis confirmed that the skill does not perform network requests, access sensitive files (such as SSH keys or cloud credentials), or use any form of code obfuscation. The provided functionality aligns with the stated purpose of managing tool features.
Audit Metadata