12factor-rock
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured instructions for packaging 12-factor applications using Canonical's Rockcraft. It emphasizes staying within extension boundaries and following predefined contracts.
- [SAFE]: The Python script scripts/check_rock_contract.py is a utility to validate local repository structure. It uses safe parsing methods (tomllib, json) and regular expressions to identify framework-specific requirements without executing untrusted code.
- [SAFE]: No patterns of prompt injection, data exfiltration, or obfuscation were detected. Instructions explicitly discourage unsafe build modes (e.g., --destructive-mode) and unauthorized configuration changes.
- [SAFE]: The skill uses official tools like rockcraft and skopeo, which are standard for the target platform (Canonical/Ubuntu). It also manages non-root user permissions (e.g., _daemon_) for runtime safety.
- [SAFE]: Although the skill processes external repository data, the ingestion is limited to metadata parsing in the validation script, which represents a minimal and standard attack surface for development tools.
Audit Metadata