skills/hungv47/meta-skills/run-launch/Gen Agent Trust Hub

run-launch

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were detected. The skill follows structured procedures for local state management and uses authoritative sources for its operational guidance.
  • [COMMAND_EXECUTION]: The skill utilizes local TypeScript and JavaScript scripts (bootstrap-experience.ts, manifest-sync.ts) to maintain project manifests and synchronize content. These scripts are implemented with defensive coding patterns, including checks to prevent symlink traversal and atomic file creation (O_EXCL) to avoid race conditions and unauthorized file overwrites.
  • [DATA_EXPOSURE]: The system facilitates a 'Pro' mode that uses an API key stored in a local configuration directory (~/.config/forsvn/credentials.json). This is a standard practice for developer tools to manage synchronization with a legitimate service provider API (api.forsvn.com) without exposing secrets in the skill code itself.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 10:16 PM
Security Audit — agent-trust-hub — run-launch