Skills
skills/udecode/better-convex/report-bug/Gen Agent Trust Hub

report-bug

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [SAFE]: No malicious behavior or security violations were detected. The skill's operations are consistent with its documented function as a bug reporting tool.
  • [COMMAND_EXECUTION]: The skill executes standard system commands to gather technical context for the report, including uname -a for OS information and claude --version for tool versioning. It also utilizes the GitHub CLI (gh) to submit the final report.
  • [DATA_EXFILTRATION]: Technical metadata and user-provided bug descriptions are sent to the GitHub repository EveryInc/compound-engineering-plugin. This data transmission is the primary intended function of the skill and targets a relevant destination for the plugin being supported.
  • [DATA_EXPOSURE]: The skill reads ~/.claude/plugins/installed_plugins.json to identify the version of the compound-engineering plugin. This access is limited to a non-sensitive configuration file used for version verification.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 01:21 AM