spendguard-strict-budget-runner
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION] (SAFE): The
scripts/bootstrap_strict_budget.pyscript makes network requests to a SpendGuard instance to manage agent budgets. While it transmits an API key via headers, the target URL is user-controlled (defaulting to localhost) and the behavior is necessary for the skill's stated administrative purpose. - [EXTERNAL_DOWNLOADS] (SAFE): The documentation mentions standard installation procedures (
pip install -r requirements.txt). No suspicious or unverifiable remote script execution (e.g.,curl | bash) was found. - [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets are present in the skill files. Environment variable examples in the documentation use standard placeholders like
sk-...rather than real credentials. - [COMMAND_EXECUTION] (SAFE): The skill provides legitimate CLI examples and a Python script for managing the SpendGuard service. All commands and scripts are transparent and align with the skill's purpose.
Audit Metadata