channel-management
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script
scripts/manage-primary-channel.shto perform atomic updates to theprimary-channel.jsonconfiguration file. The script validates input and usesjqwith proper argument passing to ensure data integrity. - [COMMAND_EXECUTION]: Directly uses
jqin the instructions to append entries to~/trusted-contacts.json. The commands use the--argflag, which is a security best practice to prevent JSON injection by treating user-provided values as strings. - [SAFE]: Implements a restrictive identity recognition model. It instructs the agent to 'silently ignore' messages from unknown senders in group rooms and specifically forbids sharing API keys, tokens, or management capabilities with 'Trusted Contacts'.
- [SAFE]: No remote dependencies or external code execution patterns were detected. All scripts and references are local to the skill's directory structure or known internal paths.
Audit Metadata