show-me-your-work
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill implements proactive defense against CSV injection (formula execution in spreadsheets) within the
scripts/log.shscript. It sanitizes inputs by removing control characters and prefixing potential formula triggers (=,+,-,@) with a single quote. - [SAFE]: The instructions for auditing transcripts provide explicit privacy boundaries, directing the agent to only read history relevant to the current task while warning against accessing global or unrelated project history directories like
~/.cursor/projects/*/. - [COMMAND_EXECUTION]: The skill uses a local bash script to maintain the decision log. The command execution is restricted to standard file system operations (appending to a TSV file) and does not involve network access, privilege escalation, or remote code downloads.
Audit Metadata