recon
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses specialized agent tools for exploration and task recording rather than arbitrary shell execution. It explicitly restricts bash commands against its internal memory paths and operates as a read-only tool on the codebase.
- [DATA_EXFILTRATION]: No network operations or external data transfer mechanisms were found. Communication and state management are handled through disk-mediated dispatch within a local scratch directory.
- [EXTERNAL_DOWNLOADS]: The skill does not perform any external downloads or install third-party packages. All sub-agent behaviors are defined by local prompt templates.
- [PROMPT_INJECTION]: The orchestration and sub-agent prompts are well-defined with clear boundaries and instructions for evidence-based reporting. There are no attempts to bypass safety filters or override system instructions.
- [SAFE]: The access to the project-specific memory directory is used for legitimate session management, caching, and cross-invocation state tracking.
Audit Metadata