skill-repo

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes several utility scripts (validate-skill.sh, check-version-parity.sh, migrate-licensing.sh) that use standard Linux utilities (grep, awk, jq, find) and Python 3 to automate repository maintenance. These operations are restricted to the local filesystem and are consistent with the skill's purpose as a developer tool.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation and validation logic reference official Netresearch GitHub repositories for reusable CI/CD workflows and additional documentation. These are trusted sources owned by the skill's author and do not present a security risk.
  • [DYNAMIC_EXECUTION]: Some maintenance scripts utilize Python heredocs to perform JSON manipulation and complex regex replacements on local files. This is a standard automation pattern for cross-platform compatibility and does not execute untrusted external code.
  • [DATA_EXPOSURE]: The skill interacts with repository metadata files such as plugin.json, composer.json, and package.json. It includes safeguards to prevent editing sensitive agent configuration paths (e.g., ~/.claude/) and focuses on the local project worktree.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 07:15 PM
Security Audit — agent-trust-hub — skill-repo