health-check
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of system utilities for health verification, including `pg_isready` for PostgreSQL, `redis-cli` for Redis, and a PowerShell script (`scripts/health-check.ps1`). These are standard diagnostic tools used within their intended operational contexts.
- [EXTERNAL_DOWNLOADS]: Instructions include using `curl` and `wget` within Docker healthcheck configurations to probe application endpoints. These network operations are targeted at `localhost` to verify service availability and do not involve fetching remote payloads.
- [DATA_EXPOSURE]: The `/api/health/routes` endpoint pattern describes a mechanism to scan the `app/api/` directory to discover and verify API routes. While this involves filesystem access, the scope is restricted to the application's own directory for discovery purposes.
- [CREDENTIALS_SAFE]: The skill correctly demonstrates best practices for security by using environment variables (e.g., `CRON_SECRET`) for authentication on monitoring endpoints and provides placeholder values for Docker database configurations rather than hardcoded credentials.
Audit Metadata