careful
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The hook script (
bin/check-careful.sh) executes standard system utilities includinggit,basename,date, andpython3. These tools are used to extract command metadata from tool inputs and to generate timestamps for local logging. - [DATA_EXFILTRATION]: The skill collects the current working directory's repository name and logs it to a hidden local file (
~/.gstack/analytics/skill-usage.jsonl). This metadata collection is used for local telemetry and usage tracking associated with the author's suite of tools. - [SAFE]: Heuristic detections for destructive system commands are false positives. The patterns (e.g.,
rm -rf,DROP TABLE) are contained within regular expressions in the shell script to identify dangerous user commands and trigger a safety warning, rather than to execute those commands maliciously.
Audit Metadata