librarian-tool
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's documentation suggests installing the uv tool from its official distribution point at astral.sh. This is a well-known service for Python environment management.
- [COMMAND_EXECUTION]: The Python script executes local git config commands to retrieve the system user's name and email for document history records. These commands are executed using structured argument lists, which prevents shell injection vulnerabilities.
- [DATA_EXFILTRATION]: The tool includes robust path resolution logic that verifies all file operations (read, update, create) stay within the authorized docs/ directory or project root. This effectively prevents directory traversal attacks and unauthorized access to sensitive system files.
Audit Metadata