library-design-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes templates and examples that demonstrate the use of subprocess.run for system tasks such as using the wc utility. These examples are documented to follow security best practices, including the use of argument arrays instead of shell strings, disabling shell execution (shell=False), and implementing command whitelists to prevent injection.
- [EXTERNAL_DOWNLOADS]: An example implementation (examples/two-tier-example.py) demonstrates automating downloads using the GitHub CLI (gh). This interaction targets GitHub, which is a well-known service, and is presented as a standard development workflow for managing release assets.
- [SAFE]: The core mission of the skill is to provide reusable security patterns. It explicitly addresses CWE prevention strategies (including CWE-22, CWE-78, and CWE-117) by offering production-ready templates for path validation, input sanitization, and structured audit logging.
Audit Metadata