skill-repo
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several utility scripts (
validate-skill.sh,check-version-parity.sh,migrate-licensing.sh) that use standard Linux utilities (grep, awk, jq, find) and Python 3 to automate repository maintenance. These operations are restricted to the local filesystem and are consistent with the skill's purpose as a developer tool. - [EXTERNAL_DOWNLOADS]: The skill's documentation and validation logic reference official Netresearch GitHub repositories for reusable CI/CD workflows and additional documentation. These are trusted sources owned by the skill's author and do not present a security risk.
- [DYNAMIC_EXECUTION]: Some maintenance scripts utilize Python heredocs to perform JSON manipulation and complex regex replacements on local files. This is a standard automation pattern for cross-platform compatibility and does not execute untrusted external code.
- [DATA_EXPOSURE]: The skill interacts with repository metadata files such as
plugin.json,composer.json, andpackage.json. It includes safeguards to prevent editing sensitive agent configuration paths (e.g.,~/.claude/) and focuses on the local project worktree.
Audit Metadata