cs-onboard
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands (
cp,git mv) and PowerShell commands (Copy-Item) to organize and migrate project files. These operations are restricted to the local file system and are used solely for the stated purpose of repository onboarding and documentation management. - [REMOTE_CODE_EXECUTION]: The skill executes provided Python scripts (
search-yaml.py,validate-yaml.py) that are part of the skill's own package. These scripts are used to search and validate local markdown files and do not involve remote loading or execution of untrusted code. - [EXTERNAL_DOWNLOADS]: No network activity was detected. The skill does not fetch any external resources; all files are copied from the local installation path of the skill.
- [PROMPT_INJECTION]: The skill instructions define the workflow for repository setup and auditing. While the skill processes user-owned markdown files during migration, it mitigates risk by generating an audit report and requiring explicit user confirmation before any file movement or modification occurs.
- [DATA_EXFILTRATION]: There are no network operations, API calls, or data transmission patterns identified. The skill's activities are confined to the local project environment.
Audit Metadata