acomo
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a restricted bash tool
Bash(acomo *), which ensures that the AI agent can only execute commands starting with 'acomo'. This limitation effectively prevents arbitrary command injection and restricts the agent to the intended toolset. - [EXTERNAL_DOWNLOADS]: The skill references the
@acomo/cliNode.js package. As this is a vendor-owned resource for the 'progress-all' organization, its inclusion is a standard part of the skill's integration with the 'acomo' platform. - [CREDENTIALS_UNSAFE]: The skill handles authentication by instructing the agent to check the current configuration using
acomo config showand prompting the user for a login if necessary. It does not contain any hardcoded API keys, tokens, or other sensitive secrets.
Audit Metadata