stack-up
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a local shell script (
scripts/scan-stack.sh) used during the 'audit' module to inventory project manifests (e.g., package.json, requirements.txt, go.mod) and top-level dependencies. - [EXTERNAL_DOWNLOADS]: The agent is instructed to perform live web research via the host's tools to verify technology maintenance status, latest versions, and pricing tiers. This ensures recommendations are not based on stale training data.
- [SAFE]: The skill instructions explicitly direct the agent to avoid hardcoding secrets and instead recommend the use of environment variables or secret managers in generated scaffold plans.
Audit Metadata