Developer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The shell scripts (check-coverage.sh, lint-check.sh, and pre-commit-check.sh) perform local executions of standard development utilities like npm, pytest, go, and cargo. These operations are limited to the project directory and are triggered only when corresponding configuration files are present.
- [DATA_EXFILTRATION] (SAFE): No network-bound operations or data transmission patterns were identified. The scripts operate entirely on the local file system without external communication.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded credentials or sensitive data were found. The skill actively helps prevent credential exposure by scanning for potential secrets in staged Git changes.
- [EXTERNAL_DOWNLOADS] (SAFE): No remote scripts or binaries are downloaded or executed. The use of npx for running linters and test runners is standard practice and does not involve untrusted remote code execution.
Audit Metadata