ai-setup

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands to verify the environment. This includes directory existence and writability checks (test -d, test -w) on the local filesystem.
  • [COMMAND_EXECUTION]: It performs Git operations to set up version control for the Obsidian vault, including git init, git remote add, git commit, and git push. These operations are performed at the vault root directory.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing additional components using the command npx skills add cristiano-pacheco/ai-tools. This fetches and installs external skill packages from the author's repository.
  • [DATA_EXFILTRATION]: While the skill performs a git push of the vault's contents, it explicitly asks the user for the destination remote URL first. This is a standard part of the intended synchronization feature rather than a malicious exfiltration attempt.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 02:45 PM
Security Audit — agent-trust-hub — ai-setup