complexity-optimizer
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The scanner script invokes `git diff` via `subprocess.run` to implement its `--changed-only` functionality. This is implemented securely by passing arguments as a list and avoiding a shell environment (`shell=False`), which prevents command injection.
- [DYNAMIC_EXECUTION]: A regression test script (`test_analyze_complexity.py`) uses `__import__('os')` to manage environment variables for temporary test repositories. This is a standard programmatic use and does not pose a runtime risk to the main skill functionality.
- [SAFE]: The skill operates entirely within the local filesystem. It does not perform network operations, access sensitive credentials or system paths (e.g., `.ssh`, `.aws`), and its scanner is read-only by default, requiring explicit user commands to perform any file modifications.
Audit Metadata