weft-ai-language

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the user to execute local scripts (./dev.sh, ./cleanup.sh) and build tools (cargo, pnpm) from a cloned repository. This is standard behavior for a development framework.
  • [EXTERNAL_DOWNLOADS]: Fetches the 'kind' (Kubernetes in Docker) binary from the official Kubernetes SIGs (Special Interest Groups) infrastructure at kind.sigs.k8s.io. This is a well-known and trusted source for container orchestration tooling.
  • [PROMPT_INJECTION]: The skill defines a programming model that ingests data from untrusted sources (such as web search results and human input) and processes it through LLM nodes. This creates a surface for indirect prompt injection. While the skill documentation demonstrates the use of system prompts to define behavior, developers should ensure proper sanitization and boundary markers when building production pipelines with these nodes.
  • [CREDENTIALS_UNSAFE]: Instructions correctly advise users to manage secrets using an .env file based on a provided template, which is a standard security practice for local development to avoid hardcoding credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 12:50 AM