cuopt-developer

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a set of non-negotiable 'Refusal Rules' that instruct the agent to decline harmful operations, including privileged commands (sudo), destructive actions (rm -rf), and writes outside the project workspace.
  • [SAFE]: Static analysis triggers for code execution patterns in benchmark/evals.json are false positives. These instances are safety test cases (e.g., dev-038-injection-eval-user-input and dev-023-injection-curl-bash) used to ensure the agent correctly identifies and refuses malicious user requests.
  • [SAFE]: Dependency management is strictly controlled through a central dependencies.yaml file and automated hooks, preventing ad-hoc or unauthorized package installations during development.
  • [SAFE]: The skill follows secure contribution practices, such as requiring Developer Certificate of Origin (DCO) sign-offs for all commits and utilizing a fork-based pull request workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — cuopt-developer