atmos-vendoring
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documents the Atmos vendoring system, which facilitates downloading external components and artifacts into a local repository from remote sources including Git, OCI, Amazon S3, and HTTPS.
- The examples provided in the documentation refer to the vendor's own repositories (
github.com/cloudposse/*) and official public registries (e.g., AWS ECR, GitHub Container Registry). - The functionality is intended for managing infrastructure dependencies and does not involve unauthorized downloads.
- [SAFE]: The skill consists of documentation and configuration examples for the Atmos CLI tool. No executable code, malicious scripts, or obfuscation techniques were detected. The mentioned use of environment variables for authentication (e.g.,
ATMOS_GITHUB_TOKEN) and SSH keys follows standard security practices for CLI tools and includes no hardcoded secrets.
Audit Metadata