setup-workflow
Warn
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands such as git, pnpm, and python through scripts and the Bash tool to manage workflows and run tests. Evidence is found in _cli/cli/plugin/release.py and _templates/hooks/workflow_hooks.py.
- [EXTERNAL_DOWNLOADS]: Automated dependency management scripts fetch and install Python packages from PyPI and system packages from native Linux repositories or Homebrew. This is implemented in _cli/cli/dependencies.py and _shared/tools/dependency-utils.sh.
- [COMMAND_EXECUTION]: The utility script _shared/tools/dependency-utils.sh utilizes sudo to acquire administrative privileges when invoking system package managers like apt-get, yum, or dnf.
- [COMMAND_EXECUTION]: The skill establishes persistent execution hooks by modifying the global agent settings in ~/.claude/settings.json during the installation process as seen in _shared/tools/hooks/install-hooks.sh.
Audit Metadata