guide-planning

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The module lib/workflow_state/parity.py invokes subprocess.run to execute the command npx skills ls -g --json. This call is used to discover installed skills for the purpose of checking parity with the repository source.
  • [DYNAMIC_EXECUTION]: The files lib/workflow_state/inventory.py and scripts/manage_planning.py utilize importlib.util.spec_from_file_location and spec.loader.exec_module to load Python modules from paths resolved at runtime. This mechanism is used to load coordinating scripts such as manage_proposals.py and scope_runtime.py from the local file system or sibling directories.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 07:38 PM