Launchpad

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Orchestrates developer workflows by executing local shell commands for Docker container interaction, including container name resolution and running governance audits via docker exec.
  • [COMMAND_EXECUTION]: Uses npx to run local TypeScript automation scripts located in the user's home directory for Linear issue management.
  • [SAFE]: Employs the varlock secret management wrapper to securely unlock git-crypt encrypted repositories, ensuring that sensitive keys are managed by external specialized tools rather than stored within the skill.
  • [SAFE]: Implements mandatory user-approval checkpoints via interactive gates before proceeding to critical execution stages, providing human-in-the-loop oversight for automated actions.
  • [SAFE]: Includes automated file integrity checks using xxd to verify the state of required skill files (detecting encryption or missing files) before attempting execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 07:45 AM
Security Audit — agent-trust-hub — Launchpad