Skills
skills/dnyoussef/ai-chrome-extension/production-readiness/Gen Agent Trust Hub

production-readiness

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a Bash execution flow to automate the validation process. It executes various commands including jq for JSON parsing, standard Unix utilities like grep, mkdir, and cat, and manages project files.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to execute tools from the claude-flow package. This results in the download and execution of external code from the NPM registry if the package is not already cached in the local environment.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its processing of untrusted project data.
  • Ingestion points: Reads and analyzes files from a user-provided target_path using various audit tools (SKILL.md).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
  • Capability inventory: The skill possesses the ability to execute shell commands, write files (e.g., deployment checklists), and influence deployment gate decisions (SKILL.md).
  • Sanitization: Employs jq to parse and validate structured JSON output from its auditing tools, providing a level of protection against malformed data (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 07:18 AM