turtle-harden
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill performs build verification and diagnostics using `pnpm install` and `gw ci` to ensure that security hardening does not introduce regressions. The `gw` utility is a vendor-specific tool from the author's ecosystem (Grove) used for workspace management.
- [COMMAND_EXECUTION]: Employs the `grep` utility to scan the local filesystem for high-risk patterns, including hardcoded credentials (e.g., API keys, passwords) and dangerous functions like `eval()` or `innerHTML` that could lead to code execution or XSS.
- [EXTERNAL_DOWNLOADS]: Triggers the installation of project dependencies via `pnpm`, which fetches packages from the official NPM registry as part of the mandatory build verification phase.
- [PROMPT_INJECTION]: While the skill processes user-supplied code (creating an indirect prompt injection surface), the instructions are specifically designed to audit and defend against injection and other adversarial patterns.
Audit Metadata