enterprise-software-development-framework

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • [PROMPT_INJECTION] (SAFE): The skill provides role-based templates (Architect, Product Owner, Backend Engineer). These instructions are standard role-play configurations and do not contain directives to bypass safety filters or disregard system instructions.
  • [DATA_EXPOSURE] (SAFE): No credentials, API keys, or sensitive file paths are present. The AGENTS.md file explicitly includes a security policy advising against committing secrets.
  • [REMOTE_CODE_EXECUTION] (SAFE): There are no scripts or configuration files that initiate remote downloads or execution. The npx command in the README is an instruction for the user to install the skill via an external CLI, not an automated routine within the skill itself.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill has an attack surface where it processes external project names or code for review (e.g., in 'Senior Backend Engineer' mode).
    • Ingestion points: User-provided project names and code snippets are interpolated into the persona prompts in SKILL.md.
    • Boundary markers: Absent; the instructions do not use delimiters to wrap external input.
    • Capability inventory: None; the skill does not define any tools, subprocess calls, or file-system write operations.
    • Sanitization: Absent; external input is used directly.
    • Assessment: Because the skill lacks any side-effect capabilities (writing files, executing commands, or network access), the risk is negligible (Tier: INFO).
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 11:24 AM