sync-docs

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes git commands (e.g., git diff, git ls-files, git symbolic-ref) to identify changed files and determine the project's branch state. The implementation includes sanitization logic that uses a regular expression whitelist (/^[a-zA-Z0-9._-]+$/) to validate branch names before they are used in shell command strings.
  • [SAFE]: Scans the local file system for documentation and project configuration files (like package.json, Cargo.toml) using the glob module. These operations are restricted to the current working directory.
  • [SAFE]: Provides a mechanism to detect missing dependencies (ast-grep) and uses the AskUserQuestion tool to interact with the user for consent before displaying installation instructions. This avoids unauthorized software installation.
  • [SAFE]: Utilizes relative imports for internal logic (../../lib), which is a standard pattern for modular agent skills and does not involve fetching untrusted external code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 03:48 PM