swain-do
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a collection of local scripts (e.g., bin/tk, bin/ticket-query, scripts/ingest-plan.py) and standard tools like git and bash to manage project tasks and worktrees. This behavior is consistent with the skill's primary purpose.
- [REMOTE_CODE_EXECUTION]: No evidence of remote code execution or fetching of external scripts was found. All execution targets are local to the skill or project repository.
- [DATA_EXFILTRATION]: No network operations to non-whitelisted domains were detected. The skill interacts solely with the local filesystem and the project's git repository.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets or unsafe credential management practices were identified. The skill correctly instructs the use of environment variables or configuration files for persistent state.
Audit Metadata