command-development

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): The skill contains instructional content for developers and does not include any patterns designed to override agent behavior, bypass safety filters, or extract system prompts.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths (like ~/.ssh), or unauthorized network operations were detected. Examples like 'Security Review' specifically focus on detecting secrets rather than exposing them.
  • [Command Execution] (SAFE): The documentation describes how to use the 'Bash' tool for standard development tasks (e.g., git, npm, kubectl). It does not include or encourage the execution of arbitrary, obfuscated, or malicious commands.
  • [Remote Code Execution] (SAFE): There are no patterns for downloading and executing remote scripts or packages. All code execution described is local and context-dependent for the developer.
  • [Indirect Prompt Injection] (LOW): The skill documents the use of file interpolation (e.g., @path/to/file), which is an inherent surface for indirect prompt injection if the ingested data is attacker-controlled.
      • Ingestion points: Examples in examples/simple-commands.md use @$1 to read file content into the prompt.
      • Boundary markers: Absent in the basic examples; the skill prioritizes simplicity for educational purposes.
      • Capability inventory: Commands are shown using the Bash, Read, and Grep tools.
      • Sanitization: Not implemented in these illustrative examples. Severity remains LOW because the skill documents a platform-native feature rather than implementing anything malicious.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 04:50 PM