spec-to-code-compliance
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or hardcoded credentials were found across the skill's files. The skill is currently a scaffold for a code compliance tool and contains no functional logic in its main execution script.
- [COMMAND_EXECUTION]: The skill defines a Bash tool and provides a local Node.js script entry point (scripts/main.cjs). The script is currently a skeleton that prints a warning and exits with a status code 1, representing no security risk.
- [EXTERNAL_DOWNLOADS]: The skill metadata requests the WebFetch tool, which indicates the potential for network operations in future versions. However, the current code contains no implementation for fetching remote resources or interacting with external domains.
Audit Metadata