guardrails
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill discovers and runs various project-specific tools for testing, linting, and security auditing (e.g., npm test, pytest, gosec). It also enables the creation and execution of local diagnostic scripts in 'script/agent-tools/' to troubleshoot complex issues, providing a controlled environment for necessary command execution.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it reads instructions and metadata from 'LESSONS_LEARNED.md' and from local diagnostic tools. This ingestion point allows data written in previous sessions to influence current agent behavior. The skill's capability inventory includes shell execution and file modification, and it lacks explicit sanitization or boundary markers for these persistent project files.
- [SAFE]: The skill's external dependencies (e.g., bandit, semgrep, gitleaks) are well-known, trusted security tools. It includes built-in protections such as 'High-Risk Action Gating' and 'Config Protection' which explicitly prevent the agent from making dangerous changes or weakening security settings without user oversight.
Audit Metadata