trinity-compatibility
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed as a defensive utility. Its primary goal is to perform security audits on agent directories, checking for credential leaks and configuration errors.\n- [COMMAND_EXECUTION]: It utilizes bash commands (ls, cat) and Grep for file system inspection. These are standard tools for an auditing skill and are restricted to read operations.\n- [DATA_EXPOSURE]: The skill reads project configuration files, including those that might contain sensitive info like .env. However, the analysis is performed locally, and there are no network-enabled tools available for data exfiltration.\n- [PROMPT_INJECTION]: The skill reads external file content, creating an indirect prompt injection surface. (1) Ingestion points: Local project files via Read and Bash tools. (2) Boundary markers: None. (3) Capability inventory: Read-only bash and grep tools. (4) Sanitization: None. Because the agent cannot write to files or access the network in this context, the risk of exploitation is negligible.
Audit Metadata