Skills
skills/codihaus/claude-skills/dev-coding/Gen Agent Trust Hub

dev-coding

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns were detected. The skill's operations, including file modification and local command execution, are standard for software development tasks.
  • [COMMAND_EXECUTION]: The skill is designed to execute shell commands via the Bash tool for verification purposes, such as testing local API endpoints with curl.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface through the ingestion of external data. 1. Ingestion points: plans/features/{feature}/specs/{UC-ID}/README.md, plans/features/{feature}/scout.md, and plans/docs-graph.json. 2. Boundary markers: None present in the skill instructions. 3. Capability inventory: Full file system write/edit access and arbitrary shell command execution via the Bash tool. 4. Sanitization: The skill lacks explicit validation or sanitization of instructions found within the ingested documentation files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 08:42 PM