show-me-your-work

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill implements proactive defense against CSV injection (formula execution in spreadsheets) within the scripts/log.sh script. It sanitizes inputs by removing control characters and prefixing potential formula triggers (=, +, -, @) with a single quote.
  • [SAFE]: The instructions for auditing transcripts provide explicit privacy boundaries, directing the agent to only read history relevant to the current task while warning against accessing global or unrelated project history directories like ~/.cursor/projects/*/.
  • [COMMAND_EXECUTION]: The skill uses a local bash script to maintain the decision log. The command execution is restricted to standard file system operations (appending to a TSV file) and does not involve network access, privilege escalation, or remote code downloads.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 04:47 PM