mold
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill executes a bundled Python executable (
mold.pyz) to perform path resolution and analyze specification files. A review of the source code within the executable confirms it only uses standard Python libraries and read-only git commands for project identification. - [SAFE]: The skill incorporates comprehensive safety gates, including the 'Two-key handshake' which mandates explicit user approval before any file writes, and 'Agent-introduced scope' checks to ensure no unauthorized features are added to specifications.
- [SAFE]: No patterns of data exfiltration, prompt injection, or malicious remote code execution were detected. Environment variable usage is restricted to standard project and XDG path configuration.
- [SAFE]: The skill's primary function is to manage local design artifacts and documentation, aligning with its stated purpose and the provided author context.
Audit Metadata