community-publish
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust validation system in lib/validate.py that checks for sensitive file patterns (such as .ssh, .aws/credentials, and .env files) and prevents them from being shared.
- [SAFE]: It performs automated secret scanning on project files to detect and block the publication of hardcoded API keys (OpenAI, Anthropic, AWS, etc.) and private keys.
- [SAFE]: External resource access is restricted to official vendor domains and repositories, specifically community.iamstarchild.com and the author's GitHub organization.
- [SAFE]: Behavioral rules in SKILL.md explicitly mandate that the agent must show a diff and obtain user confirmation before performing an open-source push or executing any downloaded code.
Audit Metadata