platform
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install external dependencies from the npm registry, specifically '@effect/platform' and its platform-specific variants '@effect/platform-node' and '@effect/platform-bun'.
- [COMMAND_EXECUTION]: The skill documents and enables powerful system capabilities through the 'FileSystem' and 'Terminal' modules, which allow for reading, writing, and deleting files, as well as performing terminal interactions.
- [DATA_EXFILTRATION]: The skill's primary functionality involves combining file system access with network capabilities ('HttpClient'), which technically provides a functional mechanism for transferring local data to remote endpoints.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted external data.
- Ingestion points: Network response bodies and server request parameters/bodies retrieved via '@effect/platform' (SKILL.md).
- Boundary markers: Absent. No explicit delimiters or specific warnings to ignore embedded instructions are demonstrated in the example code snippets.
- Capability inventory: File system operations (read/write/delete), terminal interaction, and outbound network requests (SKILL.md).
- Sanitization: The skill documents best practices including 'Schema validation' using the 'effect' schema library to validate and sanitize the structure of external data.
Audit Metadata