dbs-save
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands for environment discovery and local state management. It uses
basename $(pwd)to identify the current project andmkdir -pto ensure the storage directory exists. These operations are restricted to the local environment and are standard for state-persistence tools. - [COMMAND_EXECUTION]: To ensure standardized logging, the skill executes a specific Python snippet (
python3 -c "...") to generate ISO 8601 timestamps with timezone information. This is a benign use of runtime execution for data formatting. - [COMMAND_EXECUTION]: The skill provides explicit sanitization logic for user-provided inputs used in file paths. It instructs the agent to replace all non-alphanumeric characters in the 'slug' and 'title' with hyphens, effectively mitigating path traversal and command injection risks.
- [SAFE]: The skill addresses potential data exposure by requiring the agent to notify users when sensitive information is being saved. It explicitly warns that the storage location (
~/.dbs/) is plaintext and not encrypted, allowing for user-led remediation.
Audit Metadata