audit_extension
Audits agent extensions before installation, returning a verdict of allow, quarantine, or block with line-level findings. Includes risk scanning, adversarial analysis, and optional LLM or sandbox checks.
Instructions
Audit an agent extension (a skill folder with a SKILL.md, an MCP server, or a tool repo) before installing it. Returns a verdict of allow, quarantine, or block with line-level findings.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes | Path to the extension to audit. | |
| use_llm | No | Run the Gemini judge (needs GOOGLE_API_KEY). Default false. | |
| use_sandbox | No | Detonate in the Docker sandbox (needs Docker). Default false. |