leanspec-development
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate technical guide for developers contributing to LeanSpec. It provides structured workflows for Node.js and Rust environments, utilizing official tooling and established project conventions.
- [COMMAND_EXECUTION]: The skill details numerous commands for local development (pnpm build, pnpm test) and CI/CD management (gh workflow run). These commands are essential for the skill's purpose and are documented with appropriate usage context and validation steps.
- [EXTERNAL_DOWNLOADS]: The skill manages dependencies through standard package managers and references external documentation from trusted organizations such as Anthropic, Google, and OpenAI for research purposes. All remote resources are associated with well-known technology vendors or the project's own infrastructure.
- [PROMPT_INJECTION]: A 'Runner Research' workflow is included which utilizes
web_searchto monitor the AI agent ecosystem. While this process ingests external data, it is designed for documentation and registry updates rather than immediate execution of untrusted instructions. - Ingestion points: External search results retrieved via
web_search(referenced inSKILL.md). - Boundary markers: None explicitly defined for search results.
- Capability inventory: Command execution capabilities via
pnpm,cargo, andghfor project management. - Sanitization: Results are intended for human-reviewed catalog updates or specification creation.
Audit Metadata