004-commands-installation

Pass

Audited by Gen Agent Trust Hub on Jul 11, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs file system operations (creating directories and copying files) to manage internal command assets. These operations are limited to a specific set of four target directories (.github/commands, .claude/commands, .cursor/command, and .codex/commands) and are triggered only after explicit user interaction.
  • [DATA_EXFILTRATION]: No network activity or external data transmission is present. All assets are sourced from local project resources (skills-generator/src/main/resources/skill-references/assets/commands/).
  • [PROMPT_INJECTION]: The skill uses a structured Java project assistant persona with constraints that enforce safe, deterministic behavior. It specifically includes safeguards against inventing requirements or exposing credentials.
  • [EXTERNAL_DOWNLOADS]: The skill strictly mandates sourcing content from repository-embedded assets only, prohibiting downloads from external URLs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 11, 2026, 05:56 PM