octocode-research
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements strict input validation for all tool execution endpoints using Zod schemas, ensuring parameters conform to expected types and constraints.
- [SAFE]: It includes a dedicated path validator (safePath) that explicitly blocks directory traversal patterns, null bytes, and URL-encoded escape sequences.
- [SAFE]: The logging utility is configured to identify and redact sensitive keys such as 'token', 'secret', 'password', and 'api_key' before writing to disk, preventing accidental credential exposure.
- [SAFE]: A comprehensive guardrails document (references/GUARDRAILS.md) is provided to instruct AI agents to ignore instructions embedded in research data and to treat external sources as untrusted.
- [SAFE]: Telemetry collection for tool usage and errors is de-identified and documented with a clear opt-out mechanism via environment variables.
Audit Metadata