ultracode

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill implements a robust security model based on explicit approval gates. Instructions in SKILL.md and references/risk-gates.md require the agent to seek user confirmation before performing any potentially risky actions, such as modifying the repository, accessing credentials, or executing external mutations.
  • [COMMAND_EXECUTION]: The skill uses local Python scripts (new_workflow.py, collect_results.py, verify_workflow.py) to manage its workflow artifact system. These scripts are deterministic and operate strictly within the user-authorized project directory.
  • [SAFE]: The scripts/codex_workflow.py script performs static extraction of workflow metadata from JavaScript-like files. It uses ast.literal_eval for safe data parsing and explicitly rejects executable JS patterns and template interpolation, preventing potential code execution risks from untrusted input files.
  • [COMMAND_EXECUTION]: The test suite in tests/test_workflow_scripts.py utilizes subprocess.run to verify the functionality of the skill's internal scripts. This usage is confined to the local development environment and is standard practice for verifying tool behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 05:18 PM
Security Audit — agent-trust-hub — ultracode