software-copyright-materials
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The environment setup script (vendor/docx-toolkit/scripts/setup.sh) and environment check script (vendor/docx-toolkit/scripts/env_check.sh) fetch the official Microsoft .NET installation script from https://dot.net/v1/dotnet-install.sh. This is a well-known service used to install required runtimes for the skill's document processing components.
- [COMMAND_EXECUTION]: Several Python scripts (e.g., scripts/check_environment.py, scripts/build_docx_from_md.py) use subprocess.run to invoke local shell scripts and standard tools like pandoc and dotnet. These commands are used to verify the environment, generate document previews, and build the final materials.
- [SAFE]: The skill incorporates human-in-the-loop validation via explicit confirmation stages (using scripts/confirm_stage.py) and avoids high-risk patterns like hardcoded credentials, unauthorized network exfiltration, or obfuscated code.
Audit Metadata