setup
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to detect the project environment (e.g., checking for 'Gemfile' or 'package.json'). These commands are static and do not incorporate user-supplied data, preventing command injection vulnerabilities.
- [SAFE]: The skill's core functionality involves reading and writing a local configuration file ('compound-engineering.local.md'). This behavior is transparent, documented, and restricted to the project root, with no evidence of unauthorized access to sensitive system paths or credentials.
- [SAFE]: No external network operations, remote code downloads, or obfuscation techniques were detected. The use of 'disable-model-invocation: true' in the frontmatter serves as a security constraint by preventing autonomous model actions during the setup process.
Audit Metadata