duende-docs
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocess calls to orchestrate internal maintenance scripts and ensure required dependencies like pyyaml are installed from official package registries.
- [EXTERNAL_DOWNLOADS]: Documentation content is fetched from the official Duende Software documentation domain (docs.duendesoftware.com) using the llms-full.txt format to keep the local documentation librarian up to date.
- [COMMAND_EXECUTION]: Path resolution utilities in the skill include explicit validation to prevent path traversal attacks by ensuring resolved paths remain within the skill or repository roots.
Audit Metadata