init-private-rules
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches version metadata from the author's repository at
raw.githubusercontent.com/dev-goraebap/agent-collab/main/manifest.jsonto verify if updates are available. - [DATA_EXPOSURE]: Checks for the presence of environment variables such as
GEMINI_API_KEYto identify the environment; the value is not exfiltrated or stored insecurely. - [COMMAND_EXECUTION]: Provides instructions for the user to update the skill using
npx, which is the standard package runner for the platform. - [SAFE]: Explicitly manages sensitive or personal configurations by creating files recognized as private (e.g.,
CLAUDE.local.md) and ensuring they are added to.gitignoreto prevent accidental credential leakage.
Audit Metadata