.agents
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Several document processing skills recommend the installation of standard packages such as 'python-pptx', 'pypdf', and 'docx'. These dependencies are appropriate for the documented functionality and are sourced from established registries.
- [COMMAND_EXECUTION]: The 'yt-dlp-downloader' skill utilizes 'yt-dlp' and 'ffmpeg' for video processing, which is its primary purpose. Additionally, 'docx' and 'pptx' skills use local scripts for document manipulation, a necessary component for XML-based Office document editing.
- [PROMPT_INJECTION]: Creative and design-focused skills include instructional directives aimed at improving output quality and avoiding generic styles. These are categorized as benign instructional enhancements rather than attempts to bypass security controls.
- [DATA_EXFILTRATION]: Local logging mechanisms, such as the one in 'static-residential-ip-assessor' for '~/ip-assessments.md', are used for historical tracking on the user's system and do not involve external data transmission.
- [CREDENTIALS_UNSAFE]: Skills requiring external API access, such as 'sora' and 'kie-ai-generation', provide clear instructions for secure credential management using environment variables, specifically cautioning against sharing keys in the chat interface.
Audit Metadata