ai-setup
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands to verify the environment. This includes directory existence and writability checks (
test -d,test -w) on the local filesystem. - [COMMAND_EXECUTION]: It performs Git operations to set up version control for the Obsidian vault, including
git init,git remote add,git commit, andgit push. These operations are performed at the vault root directory. - [EXTERNAL_DOWNLOADS]: The skill recommends installing additional components using the command
npx skills add cristiano-pacheco/ai-tools. This fetches and installs external skill packages from the author's repository. - [DATA_EXFILTRATION]: While the skill performs a
git pushof the vault's contents, it explicitly asks the user for the destination remote URL first. This is a standard part of the intended synchronization feature rather than a malicious exfiltration attempt.
Audit Metadata