context-engineering
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill defines trust levels for context and explicitly labels user-submitted content and third-party API responses as 'Untrusted', instructing agents to treat instruction-like text in these sources as data rather than directives.
- [COMMAND_EXECUTION]: Examples of standard development commands (e.g., npm build, npm test) are provided for context configuration; these are common project tasks and do not represent arbitrary or dangerous code execution.
- [DATA_EXFILTRATION]: The skill advocates for establishing clear boundaries by instructing agents via rules files to never commit secrets or environment variables, which helps prevent accidental data exposure.