sync-dotfiles
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled shell script (
sync.sh) to perform synchronization tasks, which includes running an embedded Python script for TOML configuration merging. - [EXTERNAL_DOWNLOADS]: The skill fetches configuration files from the vendor's GitHub repository (
github.com/camacho/ai-env) if they are not already present locally. - [REMOTE_CODE_EXECUTION]: The script uses
npxto dynamically install additional skills from the author's public repository (camacho/ai-skills).
Audit Metadata