typed-holes-refactor
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several Python scripts (such as discover_holes.py, validate_resolution.py, and check_foundation.py) that use the subprocess module to interact with local development tools. Specifically, it executes git for branch management and diffing, pytest for running characterization and resolution tests, and radon for calculating code complexity metrics. These operations are localized and perform standard development tasks.
- [EXTERNAL_DOWNLOADS]: The documentation (README.md and SKILL.md) references an external tool named 'beads' and provides installation instructions targeting its official GitHub repository (github.com/steveyegge/beads). This download is from a well-known service and is a legitimate dependency for the skill's optional issue-tracking functionality.
- [DATA_EXPOSURE]: The skill analyzes local source code to generate a refactoring catalog (REFACTOR_IR.md). While it reads the codebase using the Python ast module and file I/O, it does not perform any network operations to transmit this data externally, maintaining local data confidentiality.
Audit Metadata