Skills
skills/gaelic-ghost/apple-dev-skills/dash-docset-install-generate/Gen Agent Trust Hub

dash-docset-install-generate

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches docset and cheatsheet catalogs from official Kapeli GitHub repositories. These downloads are used for metadata updates and do not involve the execution of remote code.
  • [COMMAND_EXECUTION]: Employs the macOS open utility to launch Dash-specific URI schemes (dash:// and dash-install://). These commands are executed securely using argument lists in subprocess.run, which prevents shell injection.
  • [SAFE]: Persistence is implemented via a configuration file located in the user's home directory (~/.config/gaelic-ghost/apple-dev-skills/). This is a standard method for storing vendor-specific customization settings and does not exhibit malicious behavior.
  • [SAFE]: The skill reads the Dash API status file in the user's Library folder to facilitate local integration. This local file access is restricted to application metadata and does not expose sensitive user data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 04:09 AM