system-environment-setup
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains example credentials and default passwords in configuration templates, such as 'POSTGRES_PASSWORD: password' and 'AWS_ACCESS_KEY_ID=AKIAXXXXXXX'. These are explicitly documented as placeholders for local development. The skill also enforces mandatory rules and .gitignore configurations to prevent the accidental commitment of real secrets.
- [COMMAND_EXECUTION]: The provided Makefile includes an interactive command 'migrate-create' that reads user input into a shell variable. While this creates a potential local command injection surface if used with malicious intent, it is a standard pattern for local development scripts and automation tooling.
- [EXTERNAL_DOWNLOADS]: The skill references standard software dependencies through npm and official Terraform providers from Hashicorp. These operations target well-known, trusted registries and services commonly used in modern software development workflows.
Audit Metadata