trinity-onboard
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Uses Bash scripts to inspect the local filesystem, initialize Git repositories, and package the agent's source code using tar and base64 for deployment.
- [EXTERNAL_DOWNLOADS]: Configures an MCP server that uses
npxto dynamically load themcp-remotepackage and connect to a user-specified Trinity instance URL. - [CREDENTIALS_UNSAFE]: Collects sensitive Trinity API keys and URLs via user prompts, storing them in local
.envand.mcp.jsonfiles. It includes a safety mechanism that automatically updates.gitignoreto prevent these credentials from being committed to version control.
Audit Metadata