Skills
skills/garrytan/gstack/pair-agent/Gen Agent Trust Hub

pair-agent

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the installation script for the Bun runtime from the official well-known service URL https://bun.sh/install.
  • [REMOTE_CODE_EXECUTION]: Executes the downloaded Bun installation script via bash after verifying its integrity with a hardcoded SHA256 checksum.
  • [COMMAND_EXECUTION]: Uses the Bash tool to perform a variety of system tasks, including directory creation, git branch detection, and modifying project-specific files like CLAUDE.md for skill routing.
  • [DATA_EXFILTRATION]: Implements an optional telemetry system that logs skill usage and performance metrics to local files and remote vendor endpoints. Users are prompted to opt-in to this feature.
  • [DYNAMIC_EXECUTION]: Employs eval and source to process the output of internal binaries within the skill's installation path to manage session states and configurations.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 12:52 PM
Security Audit — agent-trust-hub — pair-agent