lovstudio-maintain-partners

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/audit_partners.py uses subprocess.run to execute curl for checking the HTTP status of partner URLs. This is part of an optional auditing feature triggered by the --probe flag.
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md suggest using the sed utility and the rsvg-convert binary to process SVG files. These are routine operations for cleaning and rasterizing logo assets.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the Pillow library and librsvg for image manipulation. It also utilizes a companion skill, lovstudio-find-logo, hosted on the author's GitHub repository. All such dependencies are from well-known or vendor-controlled sources.
  • [SAFE]: The skill reads project-specific configuration from a local file at ~/.lovstudio/skills/profile.json and environmental variables to identify the website repository path. This localized file access is consistent with its role as a repository maintenance tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 09:25 PM
Security Audit — agent-trust-hub — lovstudio-maintain-partners