activitysmith
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell scripts to wrap the activitysmith CLI. These scripts safely construct commands using bash arrays, ensuring that user-provided inputs such as message titles and descriptions are treated as literal arguments rather than executable code, thereby preventing command injection.\n- [EXTERNAL_DOWNLOADS]: The skill depends on the activitysmith-cli package. This is a legitimate vendor resource from the skill author (activitysmithhq) and follows standard installation practices via the npm registry.\n- [CREDENTIALS_UNSAFE]: Authentication is managed via an ACTIVITYSMITH_API_KEY. The skill correctly instructs users to provide this through environment variables or a local .env file, and it avoids hardcoding any sensitive secrets within the source code.
Audit Metadata