workflow-preflight
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes common development tools including
gitandgh(GitHub CLI) to perform repository status checks, fetch remote updates, and query issue metadata. These operations are aligned with the skill's stated purpose of workflow preflight validation. - [DYNAMIC_CONTEXT_INJECTION]: The skill employs
!commandsyntax to automatically populate repository context such as the current branch name, remote URL, and stash list when the skill is loaded. These commands are limited to local Git metadata and do not access sensitive files or perform data exfiltration. - [SAFE]: The
allowed-toolsconfiguration in the frontmatter explicitly restricts the execution environment to specific Git and GitHub CLI subcommands, adhering to the principle of least privilege and preventing arbitrary command execution.
Audit Metadata