ipc-preload-spec-sync-guardian
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates the synchronization of project specifications and documentation through localized Node.js scripts. All file operations, including reads and audits, are confined to the project's internal documentation directories.
- [PROMPT_INJECTION]: Sub-agent definitions in the
agents/directory use persona identifiers (e.g., 'Kent Beck', 'Martin Fowler', 'Gene Kim') to establish a methodology for task execution. These instructions are explicitly framed as 'thinking style references' and include specific directives to avoid impersonation, which is a benign instructional pattern. - [COMMAND_EXECUTION]: The validation script (
scripts/validate_all.js) uses thespawnSyncmethod to execute a local audit script. This internal command execution is used solely for the skill's self-verification process and does not involve any untrusted or external input.
Audit Metadata