004-commands-installation
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file system operations (creating directories and copying files) to manage internal command assets. These operations are limited to a specific set of four target directories (
.github/commands,.claude/commands,.cursor/command, and.codex/commands) and are triggered only after explicit user interaction. - [DATA_EXFILTRATION]: No network activity or external data transmission is present. All assets are sourced from local project resources (
skills-generator/src/main/resources/skill-references/assets/commands/). - [PROMPT_INJECTION]: The skill uses a structured Java project assistant persona with constraints that enforce safe, deterministic behavior. It specifically includes safeguards against inventing requirements or exposing credentials.
- [EXTERNAL_DOWNLOADS]: The skill strictly mandates sourcing content from repository-embedded assets only, prohibiting downloads from external URLs.
Audit Metadata