agent-skills-update

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Employs standard system utilities (fd, find, rg, jq, git, just) to automate the discovery and verification of project-scoped skills.
  • [COMMAND_EXECUTION]: Potentially executes npx or nlx to run Prettier for automated code formatting, but only if the tool is already defined as a dependency in the project's configuration.
  • [SAFE]: Includes explicit guardrails that prevent the skill from running at the root of the filesystem, within the user's home directory, or in global agent configuration directories (~/.agents, ~/.claude).
  • [SAFE]: Modification scope is strictly limited to SKILL.md and associated files within .agents/skills/ directories located inside the current git repository.
  • [SAFE]: Operates on a 'verify, don't rewrite' principle, focusing on factual accuracy (commands, paths, versions) rather than structural or stylistic changes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 01:16 PM
Security Audit — agent-trust-hub — agent-skills-update