risk-assess
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script risk-analyze.js executes several git commands (rev-parse, diff, status, log) and grep to perform its analysis. These commands are executed locally using a utility that takes arguments as an array, minimizing the risk of command injection.
- [DATA_EXPOSURE]: The skill reads project files, including configuration files like .env, package.json, and tsconfig.json, to detect the removal of exports or configuration keys. It only reports the metadata (e.g., the name of a removed key) and does not extract or exfiltrate the values contained within these files.
- [SAFE]: No malicious patterns such as remote code execution, obfuscation, or persistence mechanisms were detected. The skill's behavior is consistent with its stated purpose of providing code change risk metrics.
Audit Metadata