skills/othmanadi/apex/apex-tier1/Gen Agent Trust Hub

apex-tier1

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses validation scripts (validate.sh and validate.ps1) that utilize dynamic execution functions like eval and Invoke-Expression to run commands.
  • [COMMAND_EXECUTION]: The commands to be executed are dynamically extracted from local project files such as package.json (e.g., the lint and test scripts). This creates an attack surface where a repository with a malicious configuration could execute arbitrary shell commands when the agent triggers the validation loop.
  • [COMMAND_EXECUTION]: The skill is intended for autonomous, "fire-and-forget" operation, which means these validation commands are executed without a human-in-the-loop to verify the safety of the project-specific scripts being run.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 03:33 PM