affiliate-check
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The setup instructions provide a command to install the Bun runtime using a shell script from a well-known service (bun.sh) via a piped command (
curl -fsSL https://bun.sh/install | bash). - [COMMAND_EXECUTION]: The project includes a
setupscript that executesbun installandbun buildto compile a local CLI tool (affiliate-check) from the source code provided in the repository. - [EXTERNAL_DOWNLOADS]: The repository's tools make network requests to the vendor's domain (
list.affitor.com) to fetch live affiliate program data used by the skills. - [SAFE]: The documentation (
CLAUDE.md) includes an explicit 'Data trust levels' section that defines security boundaries, instructing the AI agent to treat all external data as untrusted and to disregard any instructions found within API responses or web content. - [SAFE]: Every content-producing skill incorporates a 'Quality Gate' and mandatory workflows to ensure FTC-compliant disclosures are present in all promotional outputs.
Audit Metadata