procedural-fish-render
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones a repository from the author's GitHub account (https://github.com/vibe-motion/procedural-fish.git) to provide its core rendering functionality. This is consistent with the skill's stated purpose and author context.
- [COMMAND_EXECUTION]: The Python script executes system commands including git, pnpm, and corepack. These are executed using the subprocess module with argument lists, which is a secure practice that prevents shell injection vulnerabilities.
- [REMOTE_CODE_EXECUTION]: The skill runs 'pnpm install' and 'pnpm run' inside the cloned repository. Although this involves executing code from a remote source, the source is the vendor's official repository, and such operations are necessary for the skill to perform its intended task.
Audit Metadata