Skills
skills/mizchi/chezmoi-dotfiles/apm-usage/Gen Agent Trust Hub

apm-usage

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions enable the agent to fetch and install skills, instructions, and MCP servers from remote Git providers such as GitHub and GitLab using the apm install command.
  • [COMMAND_EXECUTION]: The skill defines a manifest schema (apm.yml) that supports a scripts field and a postinstall hook. These allow for the execution of arbitrary shell commands through the apm run interface or automatically after a successful installation.
  • [DATA_EXFILTRATION]: Instructions specify how to handle authentication via gh auth, git credential, and environment variables like GITHUB_APM_PAT. While necessary for private repository access, these patterns involve the handling of sensitive credentials.
  • [SAFE]: The skill includes security-conscious features such as an apm audit command and a --dry-run flag for previewing changes before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 08:33 AM
Security Audit — agent-trust-hub — apm-usage