google-zx-scripting
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands using the
zxlibrary. It includes extensive documentation and recipes for managing process promises, handling standard I/O, and piping commands. The skill explicitly highlights the library's automatic shell escaping as a security feature to prevent command injection when interpolating variables. - [REMOTE_CODE_EXECUTION]: The skill provides patterns for automation scripts that execute locally. It leverages
npx zx, which is a standard method for running scripts with the reputable Google zx package. - [EXTERNAL_DOWNLOADS]: The documentation includes examples of fetching data from external APIs (specifically OpenAI and Anthropic) and downloading files using
curl. These operations target well-known technology services and are presented as functional recipes for the user to implement. - [SAFE]: The skill demonstrates safe scripting practices, including the use of
within()for context isolation, error handling for non-zero exit codes, and dry-run flags for destructive operations.
Audit Metadata