coding-practices
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Categories assessed: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/run-checks.sh' performs project auto-detection and executes testing, linting, and build commands (e.g., 'npm test', 'cargo test') using 'eval'. This functionality is limited to invoking standard development tools based on the presence of manifest files.
- [DATA_EXFILTRATION]: The skill includes defensive instructions in 'coding-behavior.md' and 'references/tool-design-checklist.md' directing agents to redact sensitive data and avoid leaking secrets in logs or error messages.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection (Category 8), as the verification script processes untrusted project manifest files to decide which commands to run. Evidence chain:
  1. Ingestion points: 'scripts/run-checks.sh' detects project types by checking for the existence of files like 'package.json', 'Cargo.toml', and 'pyproject.toml'.
  2. Boundary markers: Absent; the script uses standard file detection without specialized delimiters for untrusted input.
  3. Capability inventory: The script utilizes shell execution via 'eval' to run build and test suites.
  4. Sanitization: The script uses presence-based triggers and fixed command strings, avoiding the interpolation of raw file content into the shell, which significantly mitigates injection risks.
Audit Metadata