ask
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill implements strict read-only enforcement, explicitly prohibiting any mutating git operations and limiting tool access to informational commands.
- [SAFE]: Comprehensive path security controls are defined, preventing repository escapes and blacklisting sensitive file types like environment variables and credential files.
- [SAFE]: An automated output redaction process is specified to identify and mask sensitive patterns before they are returned to the user, mitigating the risk of accidental secret disclosure.
- [COMMAND_EXECUTION]: The skill executes a project-local script (node scripts/resolve-feature-cli.js) to determine the current development context, which is a benign informational operation.
- [DATA_EXFILTRATION]: While the skill reads codebase content to provide answers, it applies multi-layered defenses, including file blacklists and pattern-based redaction, to prevent data exposure.