nutmeg-store
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily advisory, offering structured comparisons of various storage formats (JSON, Parquet, SQLite) and hosting platforms (GitHub Pages, Vercel, Cloudflare).
- [SAFE]: It encourages secure data handling by recommending that API keys be stored in
.envfiles and specifically notes they should be gitignored to prevent accidental exposure. - [SAFE]: All mentioned external services, such as GitHub, Cloudflare, Vercel, AWS, Google Cloud, Supabase, and HuggingFace, are well-known and reputable technology providers.
- [SAFE]: The skill reads from a local configuration file
.nutmeg.user.mdto personalize its responses based on the user's project goals. This is a routine method for managing agent context. - [SAFE]: No suspicious command execution, data exfiltration patterns, obfuscation, or malicious prompt injection attempts were detected in the instructions or metadata.
Audit Metadata