maintenance

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill retrieves a sensitive GitHub token by reading a local environment file located at /home/ubuntu/projects/fellowship-dev/claude-buddy/.env to authenticate subsequent GitHub CLI commands.
  • [COMMAND_EXECUTION]: The skill dynamically generates and appends shell commands (e.g., git pull booster main --no-edit && git push) to an overnight-tasks.md file for deferred execution. This pattern creates a mechanism for indirect command execution.
  • [CREDENTIALS_UNSAFE]: The skill performs a recursive search across the project directory for sensitive patterns, including GitHub tokens and API keys. While intended for security auditing, this operation involves processing raw credentials within the agent session.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 26, 2026, 02:53 AM