skills/boshu2/agentops/vibe/Gen Agent Trust Hub

vibe

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Static analysis hints flagged 'eval' and 'exec' usage in 'references/python-standards.md'. Upon review, these are verified as false positives. The file is a security standards document that provides education on avoiding code injection by demonstrating dangerous patterns and offering safe alternatives like 'ast.literal_eval' or dispatch maps.
  • [COMMAND_EXECUTION]: The skill invokes several external command-line tools such as 'git', 'jq', 'radon', 'gocyclo', 'ao', and 'shellcheck'. These are standard development utilities required for the skill's stated purpose of analyzing code complexity and linting.
  • [DATA_EXFILTRATION]: The skill accesses local project files and git metadata to perform its analysis. The findings are reported back to the user or written to local report files (e.g., '.agents/council/'). No unauthorized network transmission of sensitive data or credentials was detected.
  • [PROMPT_INJECTION]: The skill uses structured prompts to guide sub-agents and the code review council. These prompts follow best practices for objective analysis and do not contain instructions to bypass safety filters or override system constraints.
  • [SAFE]: The skill includes extensive documentation on secure coding practices (SQL injection prevention, SSRF protection, path traversal avoidance, etc.) across multiple languages, demonstrating a high degree of security awareness and providing defensive utility to the user.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 08:51 PM
Security Audit — agent-trust-hub — vibe