runtime-sync
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a workflow that makes the agent vulnerable to indirect prompt injection by requiring the ingestion of data from external sources.
  - Ingestion points: Documentation, READMEs, and CHANGELOGs are fetched from external repositories like ZeroClaw and OpenClaw via curl and npm as described in references/upstream-sources.md.
  - Boundary markers: There are no instructions or delimiters provided to the agent to treat external content as untrusted or to ignore instructions embedded within those files.
  - Capability inventory: The agent is instructed to perform high-privilege development tasks including cargo build, cargo test, and npm install as part of the verification steps in references/full-stack-checklist.md.
  - Sanitization: The skill lacks any requirement for the agent to sanitize or validate the metadata extracted from external sources before applying it to code generation or project configuration.
- [COMMAND_EXECUTION]: The skill directs the agent to execute a variety of system commands for research and development verification.
  - Evidence: Commands like cargo build, cargo test, npm install, and git clone are explicitly part of the verification and installation workflows in references/full-stack-checklist.md and references/upstream-sources.md.
- [EXTERNAL_DOWNLOADS]: The skill uses external platforms to gather metadata and potentially source artifacts.
  - Evidence: References to GitHub (api.github.com) and the npm registry (npmjs.com) are documented in references/upstream-sources.md for researching runtime versions and documentation. These are well-known technology services and are documented here as part of the intended development research workflow.