hello-world
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill's primary function is to greet the user with a personalized message. No malicious patterns such as prompt injection, obfuscation, or persistence mechanisms were detected.
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts included in the package:
scripts/collect-os-infos.cjsretrievesos.arch()andos.type().scripts/collect-username.cjsretrievesos.userInfo().username.- Both scripts use built-in Node.js modules and do not accept external arguments or execute arbitrary system commands.
- [DATA_EXPOSURE]: The skill accesses the local system's username and OS metadata. This information is intended for the user's view in the final template and is not exfiltrated via network calls or stored insecurely.
Audit Metadata