bracketsbot-skill

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The central entry point in scripts/cli.mjs utilizes spawn to execute various local Node.js utility scripts. This is part of the tool's internal architecture to delegate tasks like bracket generation, transaction preparation, and validation to dedicated sub-processes.
  • [DYNAMIC_EXECUTION]: The walk-run-policy command (implemented in scripts/walk-run-policy.mjs) uses the dynamic import() function to load and execute JavaScript modules from a filesystem path provided via the --policy-module argument. While intended for extensibility, this mechanism allows the execution of arbitrary code from the specified file path.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations via fetch to synchronize bracket state with the vendor's API at https://brackets.bot/api/draft. This includes posting new predictions and fetching server-side updates to ensure local and remote states are aligned for human review and submission.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 15, 2026, 07:09 PM