opc-community-writer
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a central Node.js workflow runner (
run-workflow.js) that manages a series of local Bash scripts. These scripts automate tasks such as creating project directories (init-article-dir.sh), generating image prompts (generate-images-plan.sh), and sanitizing text (sanitize-article.sh). The execution is strictly limited to the skill's own directory and the user-specified task folders, using standard system utilities likesed,awk, andpython3for text processing. - [EXTERNAL_DOWNLOADS]: The skill includes a setup script (
setup.sh) that installs theplaywrightlibrary and the Chromium browser. These are well-known and trusted automation tools used for web-based research and content validation. All downloads are performed through standard package managers (NPM/Bun) and official service CDNs. - [SAFE]: The skill demonstrates a strong security and compliance posture by implementing several validation scripts (
validate-article.sh,validate-xhs.sh, etc.) that enforce content safety. These scripts check for prohibited income promises, ensure that no external URLs are included in final article drafts, and verify that all policy-related content includes necessary date and region markers. The codebase is transparent, well-documented, and contains no signs of obfuscation or malicious intent.
Audit Metadata