agent-use
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The validation tool (
scripts/validate_skill.py) usessubprocess.callto execute the--helpcommand of scripts within the skill directory. This is used solely to verify that the scripts correctly implement a standard help interface and uses the local Python interpreter without shell execution. - [EXTERNAL_DOWNLOADS]: The web readiness probe (
scripts/web_agent_readiness.py) makes network requests to user-provided URLs using theurlliblibrary to check for agent-specific discovery files likellms.txt. These requests are targeted, non-obfuscated, and do not involve the exfiltration of sensitive local data. - [PROMPT_INJECTION]: The skill generates reports based on the analysis of repository files and web content. This presents a potential surface for indirect prompt injection if the scanned content contains instructions designed to mislead the agent. However, the risk is inherent to any auditing tool, and the skill performs basic sanitization and truncation of extracted snippets.
- [SAFE]: No obfuscation, persistence mechanisms, or unauthorized credential access patterns were detected. The skill's architecture is transparent and follows security best practices for local development tools.
Audit Metadata