backlog
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is designed to manage project backlogs by keeping local Markdown files and GitHub Issues in sync, which is a legitimate and transparent use case.
- [EXTERNAL_DOWNLOADS]: The skill utilizes standard Python packages including pygithub, fastmcp, pydantic, and python-frontmatter, which are fetched from reputable public registries for core functionality.
- [COMMAND_EXECUTION]: The skill incorporates a local Python script (backlog.py) that is executed via 'uv run' to provide a CLI interface for maintenance and CI workflows, which is an expected pattern in this development harness.
- [SAFE]: All network operations are directed at the GitHub API (a well-known service) for issue synchronization. These operations require an explicitly provided GITHUB_TOKEN and are consistent with the skill's stated purpose.
Audit Metadata