auto-dev
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the official vendor SDK (@auto.dev/sdk) via npm/npx for providing MCP and CLI capabilities. These downloads are from the vendor's verified package registry.
- [COMMAND_EXECUTION]: Utilizes a dedicated CLI tool (auto) and MCP tools for automotive data operations. The commands are well-documented and scoped to the skill's primary purpose.
- [DATA_EXFILTRATION]: Transmits vehicle identifiers (VINs) and search parameters to the official vendor API at api.auto.dev. This is the intended behavior and core function of the skill.
- [SAFE]: Instructions for persisting API keys in shell profiles are provided as user setup documentation for the CLI rather than instructions for the agent to modify system files autonomously.
- [SAFE]: The skill includes extensive templates for application scaffolding (Next.js, Python, etc.). It documents these as code generation patterns for the agent to provide to the user, without executing the generated code at runtime.
Audit Metadata