gpg-signing
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or safety bypass attempts were detected. The skill adheres to its stated purpose of providing GPG configuration guidance.
- [EXTERNAL_DOWNLOADS]: References official and well-known software sources for GnuPG tools, such as gpg4win.org, gpgtools.org, and gnupg.org, which are documented neutrally as trusted installation points.
- [COMMAND_EXECUTION]: Provides standard commands for GPG and Git configuration, including instructions to set environment variables in shell profiles like ~/.bashrc. These are routine configuration steps for enabling GPG functionality in terminal environments.
- [DATA_EXFILTRATION]: Includes procedures for exporting GPG keys for backup. This is categorized based on the sensitive nature of the data; however, the skill provides robust security warnings, instructing users to keep exported keys in encrypted vaults and avoid unencrypted storage, which aligns with security best practices.
Audit Metadata