guard
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a
PreToolUsehook to intercept Bash commands and route them throughguard/bin/check-dangerous.sh. This is a protective measure designed to prevent accidental system damage. - [SAFE]: The
rules.jsonfile contains patterns for identifying risky commands (e.g.,rm -rf /,curl | bash,git push --force). These are standard security best practices for automated agents. - [SAFE]: The shell script
guard/bin/check-dangerous.shperforms local analysis usingjqandgrepto categorize commands into three safety tiers (Allowlist, In-project, Pattern matching). No remote network calls or unauthorized data access patterns were detected. - [SAFE]: The skill's 'Freeze Mode' manages local path restrictions via a configuration file (
guard/config.json) to limit the scope of write operations, enhancing safety during debugging sessions.
Audit Metadata