coding
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the agent to install common development tools such as
eslintandprettierusing package managers. These are trusted tools from established registries, making the risk low per trust policy. - COMMAND_EXECUTION (LOW): The skill directs the agent to execute project-specific commands like
npm test,pytest, andnpm run lint. This is intended for verification but involves executing code present in the user's project environment. - PROMPT_INJECTION (LOW): The skill exhibits an Indirect Prompt Injection surface (Category 8). Ingestion points: The agent is instructed to read and review project code and configuration files. Boundary markers: No explicit markers are defined to distinguish untrusted project content from agent instructions. Capability inventory: The agent has the ability to execute shell commands and install software. Sanitization: No input sanitization or validation of the project data is mentioned before processing.
Audit Metadata