profile-use
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust 'redaction-by-default' architecture where personal data is masked in logs and agent context, only revealing raw values at the moment of form entry.
- [SAFE]: Data is stored locally in the user's home directory or iCloud Drive with strict 0600 file permissions, ensuring no data touches external servers or the chat history unless explicitly required.
- [EXTERNAL_DOWNLOADS]: The skill references a shell script hosted on the author's GitHub repository (
https://raw.githubusercontent.com/leeguooooo/profile-use/main/install-app.sh). - [TRUST-SCOPE-RULE]: This download is used to install a native macOS GUI for the skill and is documented as a legitimate part of the installation process for this author's toolset.
- [COMMAND_EXECUTION]: The Python script and Swift app execute shell commands to interact with
rbw(a Bitwarden CLI) and perform file operations. - These operations are used strictly for local vault access and profile management, following the principle of least privilege.
- [CREDENTIALS_SAFE]: Password management is handled through a Bitwarden/Vaultwarden integration (
rbw). The skill never asks for or stores the master password, requiring the user to unlock the vault themselves in their own terminal environment. - [DATA_EXFILTRATION]: No network exfiltration patterns were detected. The scripts contain no networking code (
curl/requests) except for the installation script mentioned above.
Audit Metadata