Hearth
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system commands for environment discovery, configuration application, and syntax validation. It implements safety guardrails such as mandatory timestamped backups before modification and requiring explicit user confirmation for
sudooperations or changing the default shell. - [EXTERNAL_DOWNLOADS]: The configuration examples include fetching installation scripts and plugins from trusted repositories. Specifically, it references the official Homebrew installation script and well-known GitHub repositories for Neovim (lazy.nvim, vim-plug) and tmux (TPM) plugin managers. These downloads are documented neutrally as they originate from well-known technology organizations and popular open-source projects.
- [DATA_EXFILTRATION]: The skill includes explicit instructions and auditing rules (DF-01, RS-04) to prevent sensitive data such as API keys, cloud credentials, and SSH private keys from being tracked in dotfile repositories.
- [PROMPT_INJECTION]: The skill defines clear role boundaries and instructional 'Never' constraints to prevent bypassing safety guidelines or writing secrets to disk.
Audit Metadata