nav-features

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The feature_manager.py script uses subprocess.run with shell=True to execute a shell command (command -v navigator-multi-claude.sh). This is used solely to verify the installation status of an optional component. The command string is hardcoded within the script's internal configuration and is not derived from user input, which mitigates the risk of command injection.
  • [SAFE]: The skill's primary function is to manage a local JSON configuration file located at .agent/.nav-config.json. The analysis confirmed that the skill does not perform network requests, access sensitive files (such as SSH keys or cloud credentials), or use any form of code obfuscation. The provided functionality aligns with the stated purpose of managing tool features.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 04:43 AM
Security Audit — agent-trust-hub — nav-features