compliance-notice-generate

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill facilitates the generation of open-source notice files by scanning local project manifests (e.g., package.json, requirements.txt) and license files. This is a legitimate development workflow.
  • [SAFE]: Implements a security boundary by explicitly instructing the agent to ignore any text or paths provided as arguments to the command, which mitigates potential command or argument injection.
  • [SAFE]: Employs an interactive configuration flow using the AskUserQuestion tool to determine output format and scope, rather than relying on unvalidated user input.
  • [SAFE]: No evidence of data exfiltration or unauthorized network communication was detected. The only URL referenced is a link to the author's public repository for tool attribution.
  • [SAFE]: File system operations are restricted to reading dependency metadata and writing the resulting documentation files to the project's root directory.
  • [SAFE]: The skill does not perform any dynamic code execution, package installations, or persistence-related operations.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 11:38 AM