model-usage

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the codexbar CLI tool via Homebrew.
  • Evidence: The metadata in SKILL.md specifies an installation command for the steipete/tap/codexbar cask.
  • [COMMAND_EXECUTION]: The Python script executes a local binary to retrieve cost data.
  • Evidence: scripts/model_usage.py uses subprocess.check_output to run the codexbar command.
  • Security: The command construction uses a fixed list and restricts the provider argument to validated choices ('codex' or 'claude'), preventing shell injection.
  • [SAFE]: No malicious patterns or security vulnerabilities were identified.
  • Evidence: The source code performs local data aggregation without any network operations or unauthorized file access.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:15 AM