tech-stack-evaluator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | NO_CODE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [NO_CODE] (SAFE): No executable scripts, backend logic, or agent-specific system instructions (SKILL.md) were provided in the analyzed file set. The analysis is based on provided documentation and sample JSON inputs/outputs.
  • [PROMPT_INJECTION] (LOW): The documentation in HOW_TO_USE.md describes a feature where the skill analyzes content from external URLs such as GitHub and npm repositories. This introduces a surface for Indirect Prompt Injection.
      1. Ingestion points: Content from user-provided URLs (GitHub/npm).
      2. Boundary markers: None identified (missing implementation).
      3. Capability inventory: Data retrieval and comparative analysis.
      4. Sanitization: None identified (missing implementation).
  • [EXTERNAL_DOWNLOADS] (LOW): The described functionality involves network operations to retrieve metadata and ecosystem health data from third-party sources (github.com, npmjs.com), which creates a potential risk if the data is parsed unsafely.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:17 PM