rule-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill instructs the agent to run
npm run buildto regenerate project documentation (AGENTS.md). This is an expected behavior for a build-related skill and is restricted to local development scripts. - DATA_EXPOSURE (SAFE): The skill requires access to local project configuration files (e.g.,
packages/angular-best-practices-build/src/config.ts) and directory structures to correctly place new rule files. This access is necessary for its primary function and does not target sensitive user data or system credentials. - INDIRECT_PROMPT_INJECTION (LOW): The skill operates as a surface for processing user-provided rule content and writing it to the filesystem. While it lacks explicit boundary markers for user input, it enforces strict structural templates and size constraints (e.g., maximum line counts and code block limits) that limit the potential for malicious content to be persisted or executed during the build phase.
Audit Metadata