chezmoi-management
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a documentation resource for managing a local development environment. It outlines manual and semi-automated workflows for synchronizing configuration files and installing agent skills.
- [EXTERNAL_DOWNLOADS]: It references external repositories for dotfile management and developer utilities, including the author's own dotfiles and tools like secretlint. These are presented as part of a legitimate personal setup process.
- [COMMAND_EXECUTION]: The documentation describes standard usage of CLI tools such as chezmoi, git, and apm. It details an environment initialization command (chezmoi init --apply) that executes local scripts for configuration automation.
- [CREDENTIALS_UNSAFE]: While this category usually flags risks, here the skill actively promotes secure credential management by detailing the integration of secretlint for scanning commits and the use of chezmoi's 'private_' prefix to ensure sensitive files are stored with restricted (0600) permissions.
Audit Metadata