skf-audit-skill
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several CLI utilities, including Git for version control operations and ast-grep for structured code analysis. These operations are essential to the core auditing functionality and are used as intended.
- [EXTERNAL_DOWNLOADS]: The workflow performs git fetch operations to synchronize with upstream repositories. This is used solely to detect if the source code has moved ahead of the current skill documentation.
- [SAFE]: Potentially disruptive operations, such as checking out new Git references, are protected by user confirmation gates. In automated 'headless' mode, these operations are bypassed in favor of non-destructive defaults to prevent unintended modifications to the user's workspace.
- [SAFE]: The skill follows a 'zero-hallucination' principle, ensuring all findings in its generated reports are backed by AST analysis and direct source code citations rather than generative inferences.
Audit Metadata