doctor
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill performs system-level diagnostics using a pre-defined map of components (system, node, network, etc.). User input is sanitized against a whitelist of valid check names before execution.
- [CREDENTIALS_UNSAFE] (SAFE): While the skill verifies the validity of API keys and database connection strings, it only reports on their functional status (e.g., 'Valid' or 'Invalid') and does not log, expose, or exfiltrate the raw secret values.
- [DATA_EXFILTRATION] (SAFE): Network operations are restricted to health-check pinging and latency testing of known endpoints. There is no evidence of data being transmitted to external or untrusted third-party domains.
- [DYNAMIC_EXECUTION] (LOW): The implementation uses dynamic
import()to load core diagnostic logic from a relative local path. This is a standard pattern for modular internal components and does not involve executing untrusted or remote code.
Audit Metadata