enforcement
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (LOW): Several enforcement scripts (e.g., `require-commit-before-tested.py`, `require-dependencies.py`) utilize `subprocess.run` to check the local environment, such as repository status via `git` or running test suites via `pytest`. These are legitimate uses for quality assurance and environment validation.
- [EXTERNAL_DOWNLOADS] (LOW): The skill's documentation references external tools and packages, specifically `@anthropic-ai/sandbox-runtime` and `anthropic-experimental/sandbox-runtime`. While these organizations are not on the strict whitelist provided in the instructions, they are recognized official security tools for sandboxing. The skill does not automate their installation, only providing them as references for environment hardening.
- [PROMPT_INJECTION] (SAFE): No malicious instructions or patterns designed to bypass system safety protocols or override agent instructions were detected. The skill is designed to implement constraints, not remove them.
- [DATA_EXFILTRATION] (SAFE): No patterns of unauthorized data access or external data transmission were identified. The scripts strictly monitor local tool inputs and state files (`state.json`, `feature-list.json`).
Audit Metadata