porch
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of documentation for a command-line interface and contains no executable scripts or malicious instructions.
- [COMMAND_EXECUTION]: The skill documents syntax for several subcommands of the 'porch' utility, such as 'status', 'run', and 'approve'. These are local commands intended for agent execution to manage project protocols.
- [DATA_EXFILTRATION]: No unauthorized network operations or data transfers were identified. The skill references local state files in 'codev/projects/', which is standard for the tool's documented purpose.
- [PROMPT_INJECTION]: The skill processes project identifiers and status files, which constitutes a surface for indirect prompt injection. However, this is inherent to the tool's operational design and no exploitable behavior is introduced by the skill itself.
  * Ingestion points: 'codev/projects//status.yaml'
  * Boundary markers: None specified in the reference
  * Capability inventory: Shell execution of 'porch' CLI commands
  * Sanitization: None described in the documentation