audit-flow
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates locally, storing audit traces and findings in a SQLite database (".audit/audit.db") so that they persist across sessions without any external service or network dependency.
- [SAFE]: The Python script "audit.py" uses only standard library modules for its core operations. Its one optional third-party dependency, "pyyaml", is a widely used package for YAML serialization (the usual check applies: YAML from untrusted sources should be parsed with yaml.safe_load, since yaml.load with a full loader can instantiate arbitrary Python objects).
- [SAFE]: Command execution is restricted to a fixed set of Git operations ("git rev-parse", "git status", "git config") invoked through the "subprocess" module. These calls capture version-control context and configure repository-local merge/diff drivers, which is appropriate for the skill's purpose. Since a merge/diff driver is a command that Git itself will later run, the value written by "git config" should point only at the skill's own script, and arguments should be passed to subprocess as a list rather than through a shell.
- [SAFE]: The skill includes a sanitization function "sanitize_mermaid_label" that escapes characters with syntactic meaning in Mermaid before they are placed in node labels, reducing the risk that attacker-influenced text (an indirect-injection vector) adds extra diagram syntax to generated Mermaid diagrams.
- [SAFE]: File system operations are confined to the project directory: documentation and audit artifacts are written to "docs/audits/", and the skill's own database lives in ".audit/".
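The following is an added illustration of the patterns the findings above approve of (an allow-listed subprocess wrapper, Mermaid label escaping, path confinement, and SQLite persistence). It is not the audit-flow skill's own "audit.py"; the function names, the findings table schema, the Mermaid entity codes chosen for escaping, and the sample data are assumptions made for this example.

```python
"""Added example, not the audit-flow skill's code: the patterns an auditor
looks for when a skill shells out to git, renders Mermaid, and keeps state."""
import re
import sqlite3
import subprocess
import tempfile
from pathlib import Path

# Finding 3: command execution limited to a fixed set of git invocations.
# argv lists go straight to subprocess.run, so nothing passes through a shell.
GIT_COMMANDS = {
    "head": ["git", "rev-parse", "HEAD"],
    "branch": ["git", "rev-parse", "--abbrev-ref", "HEAD"],
    "status": ["git", "status", "--porcelain"],
}

def run_git(name, project_dir):
    """Run one allow-listed git command inside project_dir; refuse anything else."""
    if name not in GIT_COMMANDS:
        raise ValueError(f"git command not allow-listed: {name!r}")
    result = subprocess.run(GIT_COMMANDS[name], cwd=project_dir,
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()

# Finding 4: escape labels before interpolating them into Mermaid source.
# '#' is replaced first so the entity codes emitted afterwards are not re-escaped.
_MERMAID_ESCAPES = [("#", "#35;"), ('"', "#quot;"), ("<", "#lt;"), (">", "#gt;")]
_NODE_ID = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def sanitize_mermaid_label(text, max_len=80):
    text = re.sub(r"[\x00-\x1f\x7f]+", " ", text)  # newlines/control chars -> space
    if len(text) > max_len:                        # truncate before escaping so
        text = text[: max_len - 3] + "..."         # no entity code is cut in half
    for raw, entity in _MERMAID_ESCAPES:
        text = text.replace(raw, entity)
    return text

def mermaid_node(node_id, label):
    """Render `id["label"]`: the id is validated, the label is escaped."""
    if not _NODE_ID.fullmatch(node_id):
        raise ValueError(f"invalid Mermaid node id: {node_id!r}")
    return f'{node_id}["{sanitize_mermaid_label(label)}"]'

# Findings 1 and 5: artifacts stay under docs/audits/, state lives in .audit/audit.db.
def artifact_path(project_dir, relative):
    """Resolve an output path and refuse anything that escapes docs/audits/."""
    allowed = (Path(project_dir) / "docs" / "audits").resolve()
    target = (allowed / relative).resolve()
    if not target.is_relative_to(allowed):
        raise ValueError(f"refusing to write outside docs/audits/: {relative!r}")
    return target

def open_db(project_dir):
    db_dir = Path(project_dir) / ".audit"
    db_dir.mkdir(parents=True, exist_ok=True)
    conn = sqlite3.connect(db_dir / "audit.db")
    conn.execute("CREATE TABLE IF NOT EXISTS findings ("
                 "id INTEGER PRIMARY KEY, commit_sha TEXT, label TEXT, severity TEXT)")
    return conn

def record_finding(conn, commit_sha, label, severity):
    # Parameterised query: finding text never becomes part of the SQL string.
    conn.execute("INSERT INTO findings (commit_sha, label, severity) VALUES (?, ?, ?)",
                 (commit_sha, label, severity))
    conn.commit()

def load_findings(conn):
    return conn.execute("SELECT commit_sha, label, severity FROM findings ORDER BY id").fetchall()

def demo():
    """Exercise the pieces on a constructed project directory (no git needed)."""
    project = tempfile.mkdtemp()
    sha = "0123456789abcdef0123456789abcdef01234567"  # constructed, not read from git
    # Constructed label that tries to close the quoted node and add a click directive.
    hostile = 'Missing auth check"]; click n0 "https://example.invalid'
    conn = open_db(project)
    record_finding(conn, sha, hostile, "high")
    conn.close()
    reloaded = load_findings(open_db(project))  # second "session" sees the row
    try:
        run_git("rm -rf /", project); git_refused = False
    except ValueError:
        git_refused = True
    try:
        artifact_path(project, "../../etc/passwd"); escape_blocked = False
    except ValueError:
        escape_blocked = True
    return {"node": mermaid_node("n0", hostile), "reloaded": reloaded,
            "report": artifact_path(project, "report.md").name,
            "git_refused": git_refused, "path_escape_blocked": escape_blocked}

if __name__ == "__main__":
    print(demo())
```

The hostile label is stored verbatim in SQLite (the parameterised insert keeps it as data) and only escaped at the point where it is rendered into Mermaid, so the same finding can later be emitted into another format with that format's own escaping.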
Audit Metadata