brief
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to initialize and build the project, including a bundled Python script (init_brief_site.py) and standard Node.js commands (npm install, npm run dev, npm run build). These operations are consistent with the skill's stated purpose of project bootstrapping.
- [EXTERNAL_DOWNLOADS]: The project uses npm install to fetch dependencies from the official npm registry. All listed dependencies, such as React, Radix UI, and Tailwind CSS, are well-known libraries from trusted sources.
- [DATA_EXPOSURE]: The skill manages report files and metadata within the user's local directory. It includes a sandboxed iframe to render generated HTML reports; the sandbox configuration (allow-same-origin) correctly limits the execution environment by not including 'allow-scripts', thereby preventing script execution within the reports.
Audit Metadata