run-launch
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected. The skill follows structured procedures for local state management and uses authoritative sources for its operational guidance.
- [COMMAND_EXECUTION]: The skill utilizes local TypeScript and JavaScript scripts (
bootstrap-experience.ts,manifest-sync.ts) to maintain project manifests and synchronize content. These scripts are implemented with defensive coding patterns, including checks to prevent symlink traversal and atomic file creation (O_EXCL) to avoid race conditions and unauthorized file overwrites. - [DATA_EXPOSURE]: The system facilitates a 'Pro' mode that uses an API key stored in a local configuration directory (
~/.config/forsvn/credentials.json). This is a standard practice for developer tools to manage synchronization with a legitimate service provider API (api.forsvn.com) without exposing secrets in the skill code itself.
Audit Metadata