codetruss
Pass
Audited by Gen Agent Trust Hub on Jul 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill mentions downloading the
codetrussCLI fromhttps://codetruss.com/cli. It emphasizes transparency by requiring the agent to obtain explicit developer consent before installation and suggesting an 'inspect-first' flow where the user reviews the installer before execution. - [COMMAND_EXECUTION]: The skill instructs the agent to execute various
codetrussCLI commands for repository initialization, change review, and hook management. These operations are scoped to the local Git repository and intended to enforce development policies. - [PROMPT_INJECTION]: The instructions include defensive measures to prevent the agent from bypassing security controls. Specifically, the agent is told not to broaden 'allow' rules, remove 'deny' rules, or use flags like '--no-verify' to override failed security verdicts.
Audit Metadata