factory-review
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an installation command using
npxthat targets the author's own repositoryjwilger/agent-skills. This is a standard and expected deployment pattern within the ecosystem. - [COMMAND_EXECUTION]: Provides functionality to update the local
.factory/config.yamlfile. These operations are guarded by validation logic and require explicit human confirmation before any changes are persisted, preventing unauthorized or accidental modifications. - [DATA_EXFILTRATION]: Accesses build-related metadata and logs located in the
.factory/directory. These read operations are strictly local and necessary for generating the dashboard summaries; no network patterns or outbound data transfers were observed. - [PROMPT_INJECTION]: Processes data from build retrospectives and PR summaries. While these sources include human-generated text, the skill operates on internal project artifacts with no identified intent to bypass safety guidelines or override agent behavior.
Audit Metadata