setup
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a hardcoded shell script to detect the project's technology stack (e.g., Rails, Python, TypeScript).
- Evidence: The script in Step 2 uses standard
test -fandechocommands to check for the presence of files likeGemfile,package.json, orrequirements.txt. - Analysis: This is a safe and standard implementation for environmental auto-detection; the command does not incorporate untrusted external input and is limited to identifying file existence.
- [SAFE]: Local file management for configuration.
- Evidence: The skill reads and writes to
compound-engineering.local.mdin the project root. - Analysis: These operations are restricted to a specific configuration file within the user's project directory and are used to store setup preferences as intended by the skill's primary purpose.
Audit Metadata