help
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE] (SAFE): The skill does not exhibit any malicious patterns, obfuscation, or persistence mechanisms. Its logic is transparent and strictly aligned with its stated purpose of providing project help.
- [COMMAND_EXECUTION] (LOW): The skill utilizes the
Bashtool to perform simple directory listings (e.g.,ls src/components/*.tsx) to verify project progress. These commands are hardcoded in the instructions and used only for informational purposes. - [PROMPT_INJECTION] (LOW): The skill processes untrusted data by reading project files like
docs/PRD.md. This represents a potential indirect prompt injection surface. However, the instructions direct the agent to analyze the files for project state (e.g., checking if a template is empty) rather than executing instructions found within them, which significantly limits the risk.
Audit Metadata