setup-cms
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local Python scripts (
cms_detect.pyand variouspreflight_*.pyscripts) for detecting existing CMS configurations and validating user-provided credentials. - [SAFE]: Sensitive credential management (API keys, application passwords) is handled correctly by instructing the agent to write these values to a local
.env.localfile, which is the standard procedure for local secret management and avoids insecure persistence. - [SAFE]: The skill exhibits no signs of prompt injection, data exfiltration to unauthorized domains, or obfuscation; all external CMS URLs are provided by the user and used for the skill's primary setup purpose.
Audit Metadata