recovery-coach-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a documentation and template provider for software development within a specific project structure. No malicious logic or bypass attempts were found.
- [COMMAND_EXECUTION]: The skill requests access to
Bashspecifically fornpmandnpxcommands. This is standard and necessary for a development skill intended to facilitate linting, testing, and package management as outlined in the pre-commit checklist. - [CREDENTIALS_UNSAFE]: The skill includes an environment variable section listing sensitive keys such as
ANTHROPIC_API_KEYandDATABASE_URL. However, these are provided as empty placeholders for the user to configure, with no hardcoded secrets or sensitive credentials present in the source. - [DATA_EXFILTRATION]: While the skill mentions handling PHI (Protected Health Information) and HIPAA compliance, it provides patterns for local audit logging and secure database queries (RLS) rather than attempting to transmit data to unauthorized external endpoints.
- [PROMPT_INJECTION]: The instructions are focused on adherence to coding conventions and project structure. There are no attempts to override system prompts, bypass safety filters, or use adversarial role-play.
Audit Metadata