production-hardening
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill serves a legitimate engineering purpose, providing a structured framework for improving application resilience without introducing security risks or unauthorized behaviors.
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of well-known, production-grade libraries from trusted vendors, including AWS (@aws-lambda-powertools) and established open-source maintainers (cockatiel, tenacity). These resources are documented neutrally and originate from reputable ecosystems.
- [PROMPT_INJECTION]: The skill analyzes external codebase content, which presents a potential surface for indirect prompt injection. This is a characteristic of the skill's primary purpose (code auditing) rather than a malicious defect. The risk is mitigated by the skill's phase-based approach and the requirement for explicit user confirmation before implementing code changes.
  - Ingestion points: Phase 1 and 2 read project configuration files (e.g., package.json) and source code through the scan.sh script.
  - Boundary markers: The skill instructions maintain a clear separation between the analysis (Phase 3) and implementation (Phase 4) steps.
  - Capability inventory: The skill is permitted to use Write and Bash tools to perform its hardening tasks.
  - Sanitization: No specific code sanitization is performed on the input project files during the static scanning process.
- [COMMAND_EXECUTION]: The skill utilizes a local bash script (scan.sh) to perform static analysis of the target codebase using standard system utilities like grep and find. These operations are limited to counting and identifying specific patterns for reporting purposes.