skill-developer

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE (NO_CODE)
Full Analysis
  • No Code Shipped (SAFE): The analyzed files are limited to Markdown (.md) documentation. The core functionality described (shell scripts and TypeScript logic) is not included in the provided file set, presenting no immediate execution risk.
  • Security-Centric Design (SAFE): The documentation describes a 'guardrail' mechanism intended to increase safety by blocking unverified tool usage (e.g., preventing incorrect database queries) and providing context-aware suggestions to the agent.
  • Infrastructure Patterns (SAFE): The use of npx and tsx for running local TypeScript hooks is a standard development practice for modern AI tooling. The commands provided in the documentation are examples for manual testing and verification by the developer.
  • Indirect Prompt Injection Surface (LOW): The architecture described in HOOK_MECHANISMS.md and TRIGGER_TYPES.md ingests untrusted data from user prompts and file contents. Although this documentation is safe, the described system possesses an inherent attack surface.
      • Ingestion points: User prompt strings (via UserPromptSubmit) and file contents (via PreToolUse/contentPatterns).
      • Boundary markers: Documentation suggests using '// @skip-validation' or similar markers to override blocks.
      • Capability inventory: The system has the capability to block agent tool execution by exiting with code 2 and injecting messages into the agent's context.
      • Sanitization: The documentation focuses on regex matching but does not explicitly detail sanitization of the input before it influences the agent's context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 08:26 PM