dayu-harness

Pass

Audited by Gen Agent Trust Hub on Jun 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard development utilities such as git, gh (GitHub CLI), npm, and python3 to initialize repositories, manage remote configurations, and perform project health checks. These actions are consistent with the skill's purpose as a project-level governance tool.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with api.github.com to fetch repository metadata, contributor information, and Pull Request details. These operations are performed using official GitHub tools and standard libraries for legitimate automation and validation purposes.
  • [SAFE]: Evaluation of automated alerts concerning Remote Code Execution (RCE) confirmed they are false positives. The identified patterns in the GitHub workflows and helper scripts involve Python scripts processing JSON data from the GitHub API for structural validation. No untrusted data is executed as a command.
  • [SAFE]: The skill incorporates security best practices by deploying branch protection rules and ensuring that sensitive environment files are excluded from version control via .gitignore templates.
  • [SAFE]: The skill adheres to explicit activation rules, triggering only when the user enters the /dayu-harness command, and it does not attempt to override agent safety guidelines.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 2, 2026, 07:38 AM