find-gaps
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill focuses on analytical checklists and conversational guidance. No evidence of malicious intent or dangerous execution patterns was found.
- [COMMAND_EXECUTION]: While the skill mentions technical commands like
pnpm migrate down, these are explicitly provided as examples for the user to include in their own documentation (e.g., rollback strategies) and are not intended for execution by the agent itself. - [DATA_EXFILTRATION]: The instructions reference PII (Personally Identifiable Information), secrets, and authentication models, but only as items for the agent to verify the existence of in the user's plans. There are no instructions to access local environment variables, SSH keys, or cloud credentials.
- [PROMPT_INJECTION]: The skill relies on a robust human-in-the-loop mechanism. Every proposed update to an artifact must be displayed to the user for confirmation (
write as-is / edit inline / discard) before any file-writing tool is invoked. This effectively mitigates the risk of indirect prompt injection from the artifacts being reviewed.
Audit Metadata