compose-doctor
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious instructions or bypass attempts were identified. The skill's ingestion of application logs for error scanning is a primary and expected function, and while it creates a surface for indirect instructions, the logic is limited to matching known error substrings.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute goldsky CLI commands for diagnostics. These operations are scoped to the vendor's toolset. A command to clear a local cache (rm -rf ~/.cache/esbuild) is included as a specific fix for build failures, which is a legitimate and targeted troubleshooting action.
- [DATA_EXFILTRATION]: No unauthorized data transmission was found. The skill interacts with project metadata and secrets through the official platform CLI as part of its diagnostic workflow. No network requests are made to unknown or third-party domains outside of the vendor's infrastructure.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or unsafe secret handling practices were detected. The skill interacts with local .env files and cloud secrets using standard management commands provided by the platform CLI.
Audit Metadata