symmetric-dogfooding
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The implementation guide and examples (in `SKILL.md` and `references/example-setup.md`) suggest configuring dev-dependencies that point to external GitHub repositories such as https://github.com/terrylica/rangebar-py and https://github.com/terrylica/trading-fitness. Since these organizations are not in the trusted list, downloading code from them for integration testing is considered a medium-risk activity.
- COMMAND_EXECUTION (LOW): The skill provides automation tasks (e.g., in `mise.toml`) that execute `uv sync` and `pytest`. These commands download and run code from the specified external repositories, facilitating the execution of potentially untrusted code within the development environment.
Audit Metadata