coherence
Pass
Audited by Gen Agent Trust Hub on Jun 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes scripts that execute system-level commands for repository maintenance.
check-coherence.mjsrunsgit statusto monitor file modifications, andinstall-coherence-hooks.shmanages file permissions for git hooks. These operations are consistent with the skill's stated purpose as a development tool. - [EXTERNAL_DOWNLOADS]: Installation commands in the documentation use well-known package managers to fetch the skill from its official repository. There are no indications of runtime downloads from untrusted or hidden sources.
- [DATA_EXFILTRATION]: While the skill processes project metadata and prompts, it operates entirely on the local file system. The instructions specifically include policies to prevent the recording of secrets in configuration files, reducing the risk of accidental sensitive data exposure.
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted prompt data to generate documentation. While this creates a surface for indirect prompt injection, the skill mitigates this by wrapping content in markdown code blocks and providing a structured reconciliation process.
Audit Metadata