nerdbot
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/kb_lint.py` executes the `git` command using `subprocess.run` to retrieve repository metadata and commit history (e.g., `git rev-parse`, `git log`). These operations are used solely for metadata retrieval and are performed with static command structures and sanitized path arguments.
- [SAFE]: The skill's architecture is hermetic, with all operations occurring locally. Analysis of the Python scripts (`kb_inventory.py`, `kb_bootstrap.py`, `kb_lint.py`) confirms no network communication, data exfiltration mechanisms, or remote code downloads.
- [SAFE]: The skill implements strong safety patterns for file system operations, such as using `os.O_NOFOLLOW` in `kb_bootstrap.py` to prevent symlink-based attacks. It also enforces an 'Inventory First' read-only stage and requires explicit user approval before performing any mutations.
- [SAFE]: The skill processes markdown data from user-provided repositories (Category 8). Evidence chain: Ingestion occurs via file reads in `kb_inventory.py` and `kb_lint.py`. Boundary markers are established through structural workflow gates and explicit confirmation rules. Capabilities include local file writing and git execution. Sanitization is performed using the `pathlib` module for secure path resolution and validation.
Audit Metadata