repo-sync-steward
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local repository commands, including Git and Node.js scripts (scripts/validate-blog-frontmatter.js, scripts/generate_feed.mjs), for synchronization and validation tasks. These operations are restricted to the local environment and defined repository targets.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Operations are targeted at specific repository remotes (origin, vercel-website) belonging to the vendor. No access to sensitive credentials, SSH keys, or exfiltration to unauthorized external domains was identified.
- [PROMPT_INJECTION]: The skill ingests blog content from the content/blog/** directory. While this constitutes an indirect ingestion surface, the logic is limited to file management and validation without exposure to instruction-following vulnerabilities.
Audit Metadata