main

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes local verification and initialization scripts (e.g., check-deps.sh, check-zotero.sh, init-writing-dir.sh) located within the plugin's root directory. These are internal tools used for environment verification and project setup.
  • [CREDENTIALS_UNSAFE]: References Zotero API credentials and library IDs; however, it correctly implements security best practices by verifying their presence in environment variables or local .env files rather than hardcoding them.
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the pyyaml package from the standard Python Package Index (PyPI) to handle configuration parsing.
  • [PROMPT_INJECTION]: Ingests data from local project files and git diffs to restore session state.
  • Ingestion points: .writing/progress.md, .writing/findings.md, .writing/metadata.yaml, and git diff output.
  • Boundary markers: Absent.
  • Capability inventory: Execution of local shell scripts and invocation of domain-specific sub-skills.
  • Sanitization: Absent. This ingestion is a functional requirement for context recovery and constitutes a low-risk surface.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:55 PM
Security Audit — agent-trust-hub — main