jfrog-package-safety-and-download
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by jfrog and exclusively interacts with official JFrog infrastructure and CLI tools (jf). All operations, including API calls and artifact downloads, are performed within the context of the user's JFrog environment.
- [COMMAND_EXECUTION]: The skill uses the JFrog CLI (jf) to perform metadata queries and download binary artifacts. These commands are well-structured, utilize shell variables for dynamic paths, and are appropriate for the skill's stated purpose of package management.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of software packages (npm, PyPI, Maven, Go, etc.) from Artifactory repositories. This behavior is the primary intended function of the skill and is triggered by explicit user requests for specific packages.
- [SAFE]: The skill implements safe data handling practices, such as using jq to construct JSON payloads for API requests, which prevents command injection in the curation check workflow.
Audit Metadata