Skills
skills/hoangnb24/skills/using-khuym/Gen Agent Trust Hub

using-khuym

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses local Node.js scripts to automate project setup and status reporting. No malicious patterns or security risks were identified.
  • [COMMAND_EXECUTION]: Several scripts use execFileSync and spawn to manage local project state. These operations are limited to environment discovery (checking for Node.js, Git, and CLI dependencies) and querying a local GKG server (localhost) for codebase intelligence status. All command strings are hardcoded or derived from standard platform environment variables.
  • [DATA_EXFILTRATION]: No network activity to external domains was detected. Network operations are confined to checking the status of local services on 127.0.0.1.
  • [PROMPT_INJECTION]: The skill instructions define a structured development workflow with explicit human-in-the-loop checkpoints (Gates 1-4). These gates require the user to approve high-level context, plans, and execution steps, which serves as a security control against autonomous misbehavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 02:26 PM