next-step
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a Node.js helper script to execute standard git commands (diff, status, branch) for repository analysis. It also supports an automated dispatch mode that can invoke other pre-defined internal skills. This capability is strictly limited to a hardcoded set of commands with validated arguments, preventing the execution of arbitrary shell commands.
- [SAFE]: The skill processes repository content to determine workflow phases, which is a common pattern for development assistants. It includes validation checks, such as strict regex matching for feature keys, to ensure that file path operations are safe and contained within the repository structure. No obfuscation, data exfiltration, or persistence mechanisms were found.