imperatives
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill's behavior is consistent with its stated purpose of rule extraction.
- [COMMAND_EXECUTION]: The skill executes a provided local script (
scripts/extract-imperatives.ts) to parse files. This script uses standard file system APIs to read content and performs regex-based extraction without dangerous operations likeeval()or network requests. - [DATA_EXPOSURE]: The skill processes project-specific documentation and rule files (e.g.,
ai-workspace/rules/*.md). There is no evidence of the skill attempting to access sensitive system files or credentials. - [PROMPT_INJECTION]: The subagent implementation in Step 3 includes clear instructions and boundary markers (markdown code blocks) when processing file content, minimizing the risk of indirect prompt injection from the processed documents.
Audit Metadata