sequential-thinking
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/main.cjsfile useschild_process.spawnto execute a local Python script located at.claude/tools/optimization/sequential-thinking/executor.py. This is the intended execution method for the skill's standalone mode. - [EXTERNAL_DOWNLOADS]: The documentation references official packages from the
@modelcontextprotocolscope vianpxand themcpPython library viapip. These are well-known and trusted resources for implementing MCP-based functionality. - [PROMPT_INJECTION]: The skill defines 'Iron Laws' and a 'Memory Protocol' which are behavioral instructions for the AI agent. These are designed to enforce a systematic problem-solving process and do not attempt to bypass safety guidelines or extract system prompts.
- [DATA_EXFILTRATION]: No evidence of hardcoded credentials or unauthorized data transmission was found. The skill interacts with local project memory files (e.g.,
learnings.md,issues.md) to maintain state across sessions, which is standard behavior for this type of tool. - [REMOTE_CODE_EXECUTION]: The skill relies on local script execution and verified MCP packages. There are no patterns of fetching and piping remote code from untrusted sources.
Audit Metadata