agent-rules
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to perform static analysis of a codebase to generate documentation. This is accomplished using standard shell utilities (grep, find, jq, git) and does not involve malicious behavior.
- [SAFE]: The command verification script (
verify-commands.sh) includes built-in security mitigations, such as a whitelist of allowed base commands and a requirement for explicit enabling of execution modes (smoke testing), which prevents the accidental execution of arbitrary or malicious commands from unverified AGENTS.md files. - [SAFE]: The skill follows secure coding practices for AI agent extensions, including the use of whole-line placeholders in templates and ensuring that all example configuration files use safe, non-functional credentials (e.g., 'your-secret-key-change-in-production').
- [SAFE]: External references and dependencies originate from trusted or well-known sources, including the skill's own author (Netresearch DTT GmbH), and the analysis confirms that no obfuscation or data exfiltration techniques are employed.
Audit Metadata