backend-development
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates a 'Code Reuse Analysis' using grep and codebase_search to explore local files for existing logic. These operations are restricted to the local filesystem and are intended for project efficiency.
- [EXTERNAL_DOWNLOADS]: The skill references Docker images and CI/CD templates from trusted internal Kavak sources, including a private Amazon ECR registry and gitlab.com/kavak-it/ci-jobs.
- [PROMPT_INJECTION]: While the skill's reliance on searching local code for logic reuse creates a potential surface for indirect prompt injection from comments within the codebase, this is a standard development workflow and the skill itself contains no malicious instructions.
- [SAFE]: The skill correctly uses placeholders for sensitive credentials (e.g., my-secret) and adheres to secure coding practices like using parameterized queries to prevent injection vulnerabilities.
Audit Metadata