enterprise-readiness

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/verify-reproducible-build.sh uses the eval command to execute an arbitrary build string passed as a command-line argument. If that argument can be influenced by an attacker, this allows command execution in the environment where the script is run.
  • [EXTERNAL_DOWNLOADS]: The skill includes Python scripts and shell commands that perform network requests to official security platforms such as bestpractices.dev and securityscorecards.dev. These requests are used to manage OpenSSF Best Practices badges and fetch Scorecard data, which aligns with the skill's stated purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 06:23 AM