project-tooling
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes standard command-line tools (gh, vercel, supabase) for their intended administrative purposes. No suspicious or arbitrary command execution was found.
- CREDENTIALS_UNSAFE (SAFE): The skill demonstrates safe handling of secrets by using environment variables (e.g., RENDER_API_KEY) and GitHub Secrets. It explicitly warns against hardcoding secrets in the 'Tooling Anti-Patterns' section and uses placeholders for configuration.
- EXTERNAL_DOWNLOADS (SAFE): Installation instructions use trusted package managers like Homebrew and npm for official CLI tools. No unverified remote scripts or piped bash executions are present.
- DATA_EXFILTRATION (SAFE): Network activity (curl) is limited to official service APIs (api.render.com) for legitimate deployment operations and does not target unknown or malicious domains.
Audit Metadata