shell-completer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODECOMMAND_EXECUTION
Full Analysis
- [NO_CODE]: The skill documentation references an external script located at
{baseDir}/completer.shto perform its primary functions, but this file is not included in the provided skill package. - [COMMAND_EXECUTION]: The skill is designed to execute shell commands and generate scripts for bash, zsh, and fish. It demonstrates a workflow for executing local scripts to automate CLI completion generation.
- [PROMPT_INJECTION]: No prompt injection or behavioral override attempts were found in the skill metadata or body.
- [DATA_EXPOSURE]: The skill describes functionality to read
package.jsonfiles to extract scripts for completion generation, representing a standard local data ingestion pattern. - [PERSISTENCE]: The documentation includes an
--installcommand which, based on the description, is intended to write completion scripts to shell configuration paths (e.g.,~/.completions/), which is a form of persistent shell integration typical for this use case.
Audit Metadata