check-environment
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute standard version-check commands for common development tools (e.g.,
git --version,python3 --version,jq --version,node --version,claude --version). These are non-destructive, read-only operations used for environment verification. - [EXTERNAL_DOWNLOADS]: (Informational) The skill provides remediation advice for missing dependencies, including links to official, well-known services such as
nodejs.organd standard package managers (brew,apt). These are safe references to official software distributions. - [DATA_EXFILTRATION]: (Negative Finding) The skill does not contain any network requests to external domains, nor does it attempt to access sensitive files like credentials or SSH keys.
- [INDIRECT_PROMPT_INJECTION]: The skill identifies project environments by checking for the existence of files like
package.json,requirements.txt, andCargo.toml. While these files are externally controlled, the skill's current scope is limited to detecting their presence rather than parsing their content for executable instructions. - Ingestion points: Reads file existence for project markers (e.g.,
package.json,pyproject.toml,go.mod). - Boundary markers: None explicitly defined for file content reading.
- Capability inventory: Version checking via shell commands; no file-write or network-outbound capabilities defined in this skill.
- Sanitization: Not applicable as it primarily checks for tool availability and versions.
Audit Metadata