model-usage

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/model_usage.py invokes the codexbar CLI using subprocess.check_output(). The implementation is secure as it uses a fixed argument list and validates user-supplied input against a strict list of allowed options, preventing command injection.
  • [EXTERNAL_DOWNLOADS]: The skill's metadata includes installation instructions for the codexbar tool via a public Homebrew tap. This is an expected external dependency required for the skill's primary functionality.
  • [SAFE]: No malicious patterns such as data exfiltration, hardcoded credentials, or prompt injection were detected. The skill's operations are confined to processing local usage logs as described in its documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — model-usage