vericontext-enforcer
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands within PreToolUse hooks and standalone scripts (e.g., verify-modified-docs.sh) to identify and validate documentation claims. These operations leverage standard system utilities such as grep, sed, and git.
- [EXTERNAL_DOWNLOADS]: The skill utilizes 'npx vericontext' to perform its primary verification tasks, which involves fetching and executing the vericontext package from the well-known npm registry.
- [PROMPT_INJECTION]: The skill implements a Task hook that monitors subagent instructions. When a task is identified as documentation-related, the hook automatically injects mandatory citation and verification rules into the subagent prompt to ensure consistent enforcement of documentation standards.
Audit Metadata