leaf-work
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local command-line interface named
leaffor initializing projects, managing state, and performing diagnostics. These operations are restricted to a local workspace directory (.leaf/). - [EXTERNAL_DOWNLOADS]: The documentation references external best-practice guides from well-known technology organizations (GitHub, Google, SmartBear) for informational purposes. It also describes a workflow for capturing rendered HTML from user-specified web pages for UI design tasks, which is an intended core function of the skill.
- [SAFE]: No evidence of prompt injection, obfuscation, unauthorized data exfiltration, or hardcoded credentials was found across the analyzed files. The instructions emphasize strict adherence to a structured 'gate' system with human-in-the-loop approval points.
Audit Metadata