read-before-edit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE] (SAFE): The skill references standard development file paths (e.g., auth.ts, api/client.ts) as examples for reading. No hardcoded credentials or sensitive system configuration paths (like .ssh or .aws) were found.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill inherently processes untrusted data by reading local files using the
Readtool. - Ingestion points: Files read via the
Readtool as instructed inSKILL.md. - Boundary markers: Absent; the instructions do not specify using delimiters to separate file content from instructions.
- Capability inventory: Uses
Read,Grep, andGlobtools. - Sanitization: Absent; the skill does not include steps to sanitize or filter content read from files.
- [PROMPT_INJECTION] (SAFE): While the instructions use strong imperative language (e.g., 'ABSOLUTELY FORBIDDEN', 'MANDATORY'), these are used to define a structured development workflow rather than to bypass AI safety filters or exfiltrate data.
Audit Metadata