Skills
NYC
skills/erichowens/some_claude_skills/code-necromancer/Gen Agent Trust Hub

code-necromancer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (LOW): The skill's primary 'Archaeology' phase involves searching for and cataloging hardcoded credentials, API keys, and environment variables (e.g., in secrets-needed.md and references/archaeology-guide.md). While this is a documented part of the modernization process, it explicitly pulls sensitive data into the agent's context.
  • [COMMAND_EXECUTION] (LOW): The skill uses the Bash tool to run repository scanners (scripts/scan-repos.sh) and searches codebases using grep and find. It also leverages the GitHub CLI (gh) to extract organization data. Executing these tools on potentially untrusted file structures carries operational risk.
  • [REMOTE_CODE_EXECUTION] (LOW): During the 'Resurrection' phase, the agent is instructed to install dependencies (npm install, pip install) and run integration tests on the legacy codebase. This results in the execution of code from the target repository, which may contain malicious logic if the codebase was compromised prior to analysis.
  • [DATA_EXFILTRATION] (SAFE): While the skill gathers sensitive information, there are no patterns detected that attempt to send this data to unauthorized external endpoints. The use of WebFetch is documented for legitimate dependency auditing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:04 PM