response-compliance

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's documentation describes a process where a script (compliance-test.sh) clones an external GitHub repository (https://github.com/openresponses/openresponses) and executes its CLI test runner locally. Executing code downloaded from third-party repositories at runtime presents a supply chain risk, as the integrity and safety of the external code cannot be guaranteed.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch external content from GitHub during its operation. Specifically, it targets the openresponses/openresponses repository to retrieve the compliance testing suite.
  • [COMMAND_EXECUTION]: The skill provides several shell commands using the bun runtime to execute local scripts and tests. These commands include environment variable assignments and flag-based configurations (like --api-key) that interact with local scripts and network endpoints.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 8, 2026, 02:13 PM