twinmind-debug-bundle
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices for diagnostic tools by only including the prefix of the API key in the generated debug bundle, preventing full credential exposure in shared reports.
- [COMMAND_EXECUTION]: Uses dynamic context injection to gather system environment details such as Node.js and Python versions and OS information. These operations are limited to non-sensitive system metadata for diagnostic purposes.
- [EXTERNAL_DOWNLOADS]: Utilizes npx to execute ts-node for running the diagnostic script. This is a standard method for executing TypeScript in development environments.
- [DATA_EXFILTRATION]: Performs network requests to the vendor's official API (api.twinmind.com) to verify connectivity and service health. This behavior is consistent with the skill's diagnostic purpose and targets the vendor's own infrastructure.
Audit Metadata