dogfooding
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for repository maintenance and quality assurance, and its behavior is consistent with its stated purpose.\n- [COMMAND_EXECUTION]: The skill uses shell scripts to automate testing and reporting tasks.\n
- Evidence: The scripts
scripts/generate-dogfooding-report.shandscripts/validate-dogfooding.shinclude logic to prevent directory traversal by checking output file paths for '..' or leading slashes.\n- [EXTERNAL_DOWNLOADS]: The configuration setup for continuous validation references the official@vercel/skillsCLI tool.\n - Evidence:
scripts/setup-continuous-dogfooding.shgenerates workflow configurations that install the package from the official registry of a well-known organization (Vercel).\n- [DATA_EXFILTRATION]: The skill provides an optional feature to send status notifications via webhooks usingcurl.\n - Evidence: This functionality is standard for CI/CD status reporting and is designed to use repository secrets for configuration, posing no inherent risk of unauthorized data exfiltration.
Audit Metadata