sops-setup
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches installation scripts and binaries from official and well-known sources, including GitHub releases for sops and age, and the Homebrew installation repository.
- [COMMAND_EXECUTION]: Executes shell commands to manage tool installation via package managers, configure Git attributes for decrypted diffing, and generate cryptographic keys.
- [CREDENTIALS_UNSAFE]: Generates an age recovery key and displays it to the user; while this involves exposing a private key in the terminal, it is a necessary part of the standard tool workflow for disaster recovery and the user is explicitly instructed to move it to a password manager.
- [SAFE]: The skill implements essential security controls, including enforcing chmod 600 permissions on private key files and validating .gitignore settings to prevent accidental commits of plaintext environment variables.
Audit Metadata