greptile-config
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow instructs the agent to execute shell commands such as 'ls -la' to map the repository structure and 'npx glob' to verify file matching patterns during the configuration validation phase.
- [CREDENTIALS_UNSAFE]: Phase 1 of the configuration workflow directs the agent to search for sensitive files and patterns, specifically naming '.env', '.env.local', 'credentials', 'secrets', and 'private_key'. The goal is to identify these for exclusion from the code review process, but the instruction to proactively locate credential-bearing files introduces a data exposure risk.
- [EXTERNAL_DOWNLOADS]: The configuration verification protocol suggests using 'npx glob' to test file patterns, which involves fetching and executing the 'glob' package from the public NPM registry.