wash
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected.\n- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file path access (e.g., SSH keys), or suspicious network operations were identified.\n- [External Downloads] (SAFE): The
wash newcommand references project templates from a legitimate GitHub organization (cosmonic-labs). While not on the specific trusted list provided in the instructions, this is a standard and expected feature of the tool for bootstrapping projects.\n- [Remote Code Execution] (SAFE): No patterns for executing arbitrary remote scripts (e.g.,curl | bash) or dynamic code execution were found.\n- [Persistence & Privilege Escalation] (SAFE): The skill does not contain commands for modifying system startup files, crontabs, or acquiring root privileges.
Audit Metadata