skill-sync
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs command execution using permitted tools (
mmk,git,gh) strictly for the purpose of repository maintenance and documentation updates. All commands are targeted at the vendor's own infrastructure and local project files. - [SAFE]: Network activity is restricted to standard Git and GitHub operations (
git push,gh pr create) to facilitate pull request workflows. No sensitive data, such as environment variables or SSH keys, is accessed or transmitted. - [SAFE]: The skill handles data from the
mmkCLI output. While this constitutes an ingestion surface, the source is the vendor's own binary, and the skill employs secure shell practices—such as using quoted heredocs (<<'EOF')—to prevent the content from being evaluated as code during pull request creation.
Audit Metadata