almanak-strategy-builder
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use various shell commands for project management, including 'almanak strat new' for scaffolding, 'almanak strat run' for execution, and 'almanak strat permissions' for generating security manifests.
- [EXTERNAL_DOWNLOADS]: Documents the installation of the vendor's 'almanak' CLI tool via 'pipx' and the management of Python dependencies through 'uv'. These are standard operations for the intended development workflow.
- [DATA_EXPOSURE]: Provides guidance on using '.env' files for local development credentials. The documentation includes a 'Security Model' section explaining that these secrets are only for local testing on forks and are not used in production environments, which aligns with standard development practices.
Audit Metadata