feature-implement
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains no instructions designed to bypass agent safety protocols or override core instructions. Phrases like 'IMPORTANT' are used correctly within a technical context.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths (like ~/.ssh), or network exfiltration patterns were identified. 'Turso' and 'redb' are described as architectural storage choices, not exfiltration vectors.
- Obfuscation (SAFE): No evidence of Base64 encoding, zero-width characters, homoglyphs, or other techniques to hide malicious code was found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard, reputable Rust crates (e.g., anyhow, tokio, serde, thiserror). It does not perform any 'curl | bash' style remote executions or download untrusted scripts.
- Command Execution (SAFE): The shell commands listed (cargo fmt, cargo audit, touch) are standard development utilities essential to the skill's primary purpose as a software engineering assistant.
- Persistence & Privilege Escalation (SAFE): There are no attempts to modify system startup files, cron jobs, or request administrative privileges (sudo/runas).
- Indirect Prompt Injection (LOW): As a tool that processes code requirements, it has a natural ingestion surface for untrusted data. However, it does not include unsafe prompt interpolation patterns that would heighten this risk beyond standard coding assistant operations.
Audit Metadata