dotenvx
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation provides installation commands that pipe a remote script to a shell:
curl -sfS https://dotenvx.sh | sh. This pattern is consistent with the official installation recommendations for the dotenvx tool. - [COMMAND_EXECUTION]: The skill describes several shell-based workflows, including file modification via
sed, GitHub secret management viagh secret set, and shell environment configuration (set +o history) to protect sensitive data during key rotation. - [EXTERNAL_DOWNLOADS]: The skill references the official
dotenvx.shwebsite and GitHub repository for tool installation and documentation.
Audit Metadata