Skills
skills/anton-abyzov/specweave/close-all/Gen Agent Trust Hub

close-all

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill reads .specweave/increments/*/metadata.json and tasks.md files to identify increments ready for closure. This access is restricted to the local project environment and does not involve sensitive user credentials or system paths.
  • [COMMAND_EXECUTION]: The script uses standard shell utilities including find, sort, jq, and grep to parse local data. No privileged commands (like sudo) or network-facing tools (like curl) are used.
  • [PROMPT_INJECTION]: There is a minimal indirect prompt injection surface as the skill processes local data files.
  • Ingestion points: metadata.json and tasks.md within the .specweave/increments directory.
  • Boundary markers: None present.
  • Capability inventory: Shell commands for file discovery and data parsing; delegation to the sw:done skill.
  • Sanitization: The use of jq -r for structured extraction and grep -c for counting patterns prevents data from being executed as arbitrary shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 02:31 PM