buddy
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the orchestrator's logic and sub-agent instructions confirms that all operations are aligned with its stated purpose. The skill follows best practices for multi-agent coordination.
- [COMMAND_EXECUTION]: The skill uses local scripts (state.js, progress.js, check-env.js) and shell commands (git, npm, npx) to manage the development lifecycle. These executions are restricted to project-specific tasks like branching, testing, and linting.
- [EXTERNAL_DOWNLOADS]: The skill references several Model Context Protocol (MCP) servers for extended functionality (Linear, GitHub, Web Search). These are downloaded and executed via
npxfrom well-known and trusted organizations. - [PROMPT_INJECTION]: The skill employs specific instructions and iterative loops to ensure sub-agents adhere to the orchestration plan. While it uses strong instructional language (e.g., "IMPORTANT", "CRITICAL"), these are used for internal control flow and do not represent malicious bypass attempts.
Audit Metadata