paseo-companion
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documents the legitimate use of the 'paseo' CLI tool. All described functionalities, such as agent management, task isolation via git worktrees, and terminal operations, align with the tool's stated purpose.
- [COMMAND_EXECUTION]: The skill describes capabilities for executing shell commands through the CLI tool, specifically via
paseo loop run --verify-checkandpaseo terminal send-keys. These are documented as primary features of the tool and do not show signs of unauthorized or hidden execution. - [DATA_EXPOSURE]: The skill includes instructions for managing data ingestion points where untrusted content could be processed (e.g.,
paseo run --prompt-file,paseo chat read, andpaseo terminal capture). While these represent a standard surface for indirect prompt injection, they are part of the tool's intended utility for processing external information.
Audit Metadata