swain-design
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust workflow for managing documentation artifacts using well-defined templates and lifecycle phases.
- [COMMAND_EXECUTION]: Shell and Python scripts execute standard development tools such as git, gh (GitHub CLI), and jq. These operations are consistent with the skill's purpose of repository and documentation management. Commands are invoked using argument lists rather than shell-string evaluation, reducing injection risks.
- [EXTERNAL_DOWNLOADS]: The readability-check.sh script utilizes uv to dynamically install the well-known textstat library from the standard Python Package Index (PyPI). This is used for calculating Flesch-Kincaid readability scores for documentation.
- [NO_CODE]: While the skill contains numerous scripts, they are dedicated to local text processing, frontmatter parsing, and repository structure maintenance. No arbitrary remote code execution or exfiltration patterns were identified.
Audit Metadata