careful
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions and internal hook script include logic to perform local telemetry. This involves using shell commands to create a hidden directory (~/.gstack/analytics) and append usage metadata, such as the current git repository name and timestamps, to a JSONL log file on the local filesystem.
- [SAFE]: Although static analysis tools flagged destructive commands like 'rm -rf' and 'DROP TABLE' in bin/check-careful.sh, these are used strictly as regular expression patterns to identify risky commands before they are executed. The skill serves as a protective layer and does not perform these destructive actions itself.
- [SAFE]: The PreToolUse hook correctly implements a command-checking mechanism using standard utilities like grep, sed, and python3 to parse tool inputs. This process ensures that safe operations, such as cleaning up common build directories like node_modules, are allowed through while flagging high-risk operations for user confirmation.