getting-started
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions for the user to manually run a setup script from the author's GitHub repository (
borski/travel-hacking-toolkit) using shell process substitution or PowerShell. This is a vendor-provided tool for local environment configuration and is not executed automatically by the agent. - [EXTERNAL_DOWNLOADS]: Recommends downloading scripts from the author's public GitHub repository for environment setup.
- [COMMAND_EXECUTION]: Uses platform-specific commands to verify the existence of environment variables. The instructions explicitly mandate that only the status (SET/MISSING) be reported, ensuring actual API key values are never exposed or logged.
- [CREDENTIALS_UNSAFE]: The skill is designed to prevent credential exposure by redirecting the user to a secure local script for key entry, thereby avoiding the risk of secrets being captured in terminal scrollback, session logs, or API logs.
Audit Metadata